Java 7 0day Actively Exploited In The Wild
January 10, 2013
There is a 0day vulnerability (identified flaw, with no patch available) being actively exploited across the Internet in Java. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. Proof of concept code is already publicly available and we expect to see fully functioning exploit code incorporated into even more exploit frameworks within the next few days.
What does this mean to you?
• This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10
• Even if you're only running Java 6, users will be forced to automatically upgrade to version 7 in February of this year. This means further exposure to this vulnerability.
What you can do now to avoid being exploited
• Disable Java entirely
• If you don't need Java, remove it from the system entirely
• Lower and manage desktop privileges with solutions like PowerBroker for Windows
• Scan and detect this vulnerability with Retina Network
|
|
|
(CNN) -- The critical Java vulnerability that is currently under attack was made possible by an incomplete patch Oracle developers issued last year to fix an earlier security bug, a researcher said.
The revelation, made Friday by Adam Gowdiak of Poland-based Security Explorations, is the latest black eye for Oracle's Java software framework which is installed on more than 1 billion PCs, smartphones, and other devices.
|
|
|
|
Firefox disabled mine automatically, will leave it like that until the fix
I'm assuming there isn't any malicious code out there yet, just a possibility due to the exploit?
|
|
|
I can't see why you'd make that assumption?
|
|
|
|
Actually yeah, sorry, misread the article
|
|
|
Presume the vulnerability would only be exploited at malicious webpages? E.g. not at TBB Speed Test.
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
|
|
|
Firefox disabled mine automatically, will leave it like that until the fix
It's been this way for a long, long time. I can't remember the last time Firefox enabled it without a warning.
|
|
|
|
Mine hasn't been, think it did with version 6 but not with version 7 until now
|
|
|
|
Not necessarily, according to articles I've read, as even legit sites could have code injected into them. They will patch it in a few days anyway, so best to just be safe until then.
|
|
|
|
No, legit sites are compromised all the time. The only way to be safe is to uninstall Java or disable the web plug-in.
|