Guest miyamotogL Posted January 11, 2013 Share Posted January 11, 2013 http://thenextweb.com/insider/2013/01/10/new-java-vulnerability-is-being-exploited-in-the-wild-disabling-java-is-currently-your-only-option/ Link to comment Share on other sites More sharing options...
Guest RET.GEN.Darmine Posted January 11, 2013 Share Posted January 11, 2013 Java 9 affected? It says Java 7. Link to comment Share on other sites More sharing options...
Guest MAJ.Kaossilator=US= Posted January 11, 2013 Share Posted January 11, 2013 For anyone who doesn't know... IE9: 1. Gear Icon (upper right; or tap 'Alt' and go to Tools menu) 2. Internet Options 3. Programs tab 4. "Manage Add-ons" 5. In the "Toolbars and Extensions" section, highlight both Java plug-ins, and click the "Disable" button in the lower-right Firefox: 1. Firefox menu (upper left) 2. Add-ons 3. In the "Plugins" section, click the "Disable" button next to Java Platform Chrome: 1. Options/List icon to the right of the URL bar 2. Settings 3. Scroll all the way down, click "show advanced settings" 4. In the Privacy section, click "Content Settings" 5. About 1/3 of the way down is "Plug-ins" 6. Click "Disable individual plug-ins" 7. Find Java and hit the "disable" link Link to comment Share on other sites More sharing options...
Guest MAJ.Kaossilator=US= Posted January 11, 2013 Share Posted January 11, 2013 Java 9 affected? It says Java 7. It would be Java 7 Update 10 and earlier, sir. If you're looking at your current Java version and it says 9, I'm guessing that you're seeing the Update number. So at a guess that would be Java 7 Update 9. Link to comment Share on other sites More sharing options...
Guest Ddress Posted January 11, 2013 Share Posted January 11, 2013 Firefox has automatically disable said versions of java, at least mine did. Link to comment Share on other sites More sharing options...
Guest miyamotogL Posted January 11, 2013 Share Posted January 11, 2013 I had to turn it off manually. I doubt it will take very long for an update to be released. This is a serious defect that Oracle will have to address with a patch very quickly. If you "need" to use Java, make sure to keep the browser plugins disabled except when going directly to a Java website that you already use (SBSCommerce, etc.). If you do not "need" to use Java, just uninstall it. It is a quick process to install in the rare event that you will ever need to have it. Link to comment Share on other sites More sharing options...
Guest Hjarnar Posted January 11, 2013 Share Posted January 11, 2013 I'm no computer genius, what exactly is it that this exploit does? What am I supposed to be afraid of? Link to comment Share on other sites More sharing options...
Guest XboxxKiller Posted January 11, 2013 Share Posted January 11, 2013 I'm no computer genius, what exactly is it that this exploit does? What am I supposed to be afraid of? The site says - Overview – Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description – Java 7 Update 10 and earlier contain an unspecified remote-code-execution vulnerability. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Impact – By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system. Link to comment Share on other sites More sharing options...
Guest MAJ.Kaossilator=US= Posted January 11, 2013 Share Posted January 11, 2013 ^^ Which means that the remote attacker is now down to the OS security layer. Java is just the "back door" they're coming in, which exists at the sufferance of the operating system. The OS will still allow/disallow certain actions depending on how Java is integrated into it. However, that still leaves an awfully wide open range of code that a remote attacker could execute. So in theory, the impact could be devastating. Now... the upside is that even locally, most sensitive information is hashed and encrypted so you're unlikely to have someone digging through browser cookies and finding passwords and such with much success. But still.. the effect is severe to say the least. Link to comment Share on other sites More sharing options...
Guest miyamotogL Posted January 11, 2013 Share Posted January 11, 2013 ^^ Exactly. Arbitrary code means exactly that. Just about anything. Like CPT.Kaos mentioned, the OS should block anything that would modify the system (UAC). Even then, how many people would unknowingly just click YES? Besides, who uses Java anyway? Just uninstall it unless you need it. Link to comment Share on other sites More sharing options...
Guest Hjarnar Posted January 12, 2013 Share Posted January 12, 2013 Ó.Ò <- mfw I use Java for online banking Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.