Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

Go Back   Calgarypuck Forums - The Unofficial Calgary Flames Fan Community > Main Forums > The Off Topic Forum > Tech Talk
Reload this Page Java 1.7 at risk for attack
Register Forum Rules FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Search this Thread
Old 08-28-2012, 09:17 PM   #1
Regulator75
Franchise Player
 
Regulator75's Avatar
 
Join Date: Oct 2001
Location: Behind Nikkor Glass
Exp:
Default Java 1.7 at risk for attack
Quote:
A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.

The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk.

The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.
http://www.theregister.co.uk/2012/08...block_exploit/
__________________

More photos on Flickr
Regulator75 is offline   Reply With Quote
Old 08-28-2012, 09:35 PM   #2
ah123
First Line Centre
 
Join Date: Oct 2001
Location: Here
Exp:
Default
Best advice I have heard when dealing with Java

Quote:
Oracle has moved Java to a quarterly patch cycle, and its next update is not scheduled until October.

In the meantime, it’s a good idea to either unplug Java from your browser or uninstall it from your computer completely.

Windows users can find out if they have Java installed and which version by visiting java.com and clicking the “Do I have Java? link. Mac users can use the Software Update feature to check for any available Java updates.

If you primarily use Java because some Web site, or program you have on your system — such as OpenOffice or Freemind — requires it, you can still dramatically reduce the risk from Java attacks just by disabling the plugin in your Web browser. In this case, I would suggest a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.
http://m.krebsonsecurity.com/2012/08...it/#more-16568
ah123 is offline   Reply With Quote
Old 08-29-2012, 08:16 AM   #3
Rathji
Franchise Player
 
Rathji's Avatar
 
Join Date: Nov 2006
Location: Supporting Urban Sprawl
Exp:
Default
I am sick in bed right now, so researching this is awkward.

Anyone know if 6u33 had the same issues?

Seems like reverting to an older version makes a lot more sense than just deleting or disabling it entirely.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
Rathji is offline   Reply With Quote
Old 08-30-2012, 02:01 PM   #4
Bobblehead
Franchise Player
 
Bobblehead's Avatar
 
Join Date: Jul 2005
Location: in your blind spot.
Exp:
Default
Patch has been released.

http://www.oracle.com/technetwork/ja...s-1836441.html
__________________
"The problem with any ideology is that it gives the answer before you look at the evidence."
—Bill Clinton
"The greatest obstacle to discovery is not ignorance--it is the illusion of knowledge."
—Daniel J. Boorstin, historian, former Librarian of Congress
"But the Senator, while insisting he was not intoxicated, could not explain his nudity"
—WKRP in Cincinatti
Bobblehead is offline   Reply With Quote
The Following 3 Users Say Thank You to Bobblehead For This Useful Post:
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 04:18 AM.
Calgary Flames
2023-24



Contact Us - Calgarypuck Forums - Unofficial Calgary Flames Community - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright Calgarypuck 2021