Jump to content

Java zero-day exploit


Recommended Posts

Thanks to member "Retired" at the GRC newsgroup for the following links:


The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it. ...

... (and the risk is promptly verified - see the full article and comment).

The real news, as Krebs goes on to note, is that the latest Java (Java 7 Update 10) has a streamlined security feature built into the Java console to withdraw Java from all installed browsers. The Oracle guide:


A Java icon in the XP control panel? Not on mine, there's not - but XP users can just find javacpl.exe (C:\Program Files\Java\jre7\bin) and make a shortcut on the desktop if likely to need to toggle to enable/disable Java (browser needs to be re-started every time toggled).

Worth trying life without Java for a while, I think. Some have long sworn by such self-denial, which suddenly doesn't seem quite so tinfoil-hatterly :ph34r: .

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...