Jump to content
Sign in to follow this  

Java zero-day exploit

Recommended Posts

Thanks to member "Retired" at the GRC newsgroup for the following links:


The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it. ...

... (and the risk is promptly verified - see the full article and comment).

The real news, as Krebs goes on to note, is that the latest Java (Java 7 Update 10) has a streamlined security feature built into the Java console to withdraw Java from all installed browsers. The Oracle guide:


A Java icon in the XP control panel? Not on mine, there's not - but XP users can just find javacpl.exe (C:\Program Files\Java\jre7\bin) and make a shortcut on the desktop if likely to need to toggle to enable/disable Java (browser needs to be re-started every time toggled).

Worth trying life without Java for a while, I think. Some have long sworn by such self-denial, which suddenly doesn't seem quite so tinfoil-hatterly :ph34r: .

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this