Jump to content

Java zero-day exploit


Farelf
 Share

Recommended Posts

Thanks to member "Retired" at the GRC newsgroup for the following links:

http://krebsonsecurity.com/2013/01/zero-da...s-in-crimeware/

The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.

According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it. ...

... (and the risk is promptly verified - see the full article and comment).

The real news, as Krebs goes on to note, is that the latest Java (Java 7 Update 10) has a streamlined security feature built into the Java console to withdraw Java from all installed browsers. The Oracle guide:

http://www.java.com/en/download/help/disable_browser.xml

A Java icon in the XP control panel? Not on mine, there's not - but XP users can just find javacpl.exe (C:\Program Files\Java\jre7\bin) and make a shortcut on the desktop if likely to need to toggle to enable/disable Java (browser needs to be re-started every time toggled).

Worth trying life without Java for a while, I think. Some have long sworn by such self-denial, which suddenly doesn't seem quite so tinfoil-hatterly :ph34r: .

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...