Standard User BatBoy
(legend) Fri 11-Jan-13 12:39:01
Java7 zero-day vulnerability
 
Java 7 0day Actively Exploited In The Wild
January 10, 2013
There is a 0day vulnerability (identified flaw, with no patch available) being actively exploited across the Internet in Java. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.

What does this mean to you?
- This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10.
- Even if you're only running Java 6, users will be forced to automatically upgrade to version 7 in February of this year. This means further exposure to this vulnerability.

What you can do now to avoid being exploited
- Disable Java entirely
- If you don't need Java, remove it from the system entirely
- Lower and manage desktop privileges with solutions like PowerBroker for Windows
- Scan and detect this vulnerability with Retina Network



_____________________________________________________________________________________________ this is not usenet __________________
Standard User BatBoy
(legend) Fri 11-Jan-13 22:55:08
Re: Java7 zero-day vulnerability
[re: BatBoy]
 
(CNN) -- The critical Java vulnerability that is currently under attack was made possible by an incomplete patch Oracle developers issued last year to fix an earlier security bug, a researcher said.

The revelation, made Friday by Adam Gowdiak of Poland-based Security Explorations, is the latest black eye for Oracle's Java software framework which is installed on more than 1 billion PCs, smartphones, and other devices.



_____________________________________________________________________________________________ this is not usenet __________________
Standard User bobble_bob
(experienced) Sun 13-Jan-13 08:00:26
Re: Java7 zero-day vulnerability
[re: BatBoy]
 
Firefox disabled mine automatically, will leave it like that until the fix

I'm assuming there isn't any malicious code out there yet, just a possibility due to the exploit?



Standard User BatBoy
(legend) Sun 13-Jan-13 08:52:25
Re: Java7 zero-day vulnerability
[re: bobble_bob]
 
I can't see why you'd make that assumption?


_____________________________________________________________________________________________ this is not usenet __________________
Standard User bobble_bob
(experienced) Sun 13-Jan-13 10:12:59
Re: Java7 zero-day vulnerability
[re: BatBoy]
 
Actually yeah, sorry, misread the article
Standard User XRaySpeX
(eat-sleep-adslguide) Sun 13-Jan-13 10:50:05
Re: Java7 zero-day vulnerability
[re: BatBoy]
 
Presume the vulnerability would only be exploited at malicious webpages? E.g. not at TBB Speed Test.

1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
Standard User Danh_Gbwe
(newbie) Sun 13-Jan-13 11:13:41
Re: Java7 zero-day vulnerability
[re: bobble_bob]
 
In reply to a post by bobble_bob:
Firefox disabled mine automatically, will leave it like that until the fix


It's been this way for a long, long time. I can't remember the last time Firefox enabled it without a warning.
Standard User bobble_bob
(experienced) Sun 13-Jan-13 11:34:56
Re: Java7 zero-day vulnerability
[re: Danh_Gbwe]
 
Mine hasn't been, think it did with version 6 but not with version 7 until now
Standard User bobble_bob
(experienced) Sun 13-Jan-13 11:36:10
Re: Java7 zero-day vulnerability
[re: XRaySpeX]
 
Not necessarily, according to articles I've read, as even legit sites could have code injected into them. They will patch it in a few days anyway, so best to just be safe until then.
Standard User Zadeks
(experienced) Sun 13-Jan-13 11:57:56
Re: Java7 zero-day vulnerability
[re: XRaySpeX]
 
No, legit sites are compromised all the time. The only way to be safe is to uninstall Java or disable the web plug-in.