| View previous topic :: View next topic |
| Author |
Message |
Corrine
Administrator
Joined: 18 Jan 2001
Posts: 13538
Location: Upstate, NY
|
 Posted: Wed Nov 28, 2012 20:59 pm Post subject: Latest Java zero-day exploit renews calls to disable it |
 |
|
| Quote: |
A zero-day Java exploit found for sale in the criminal underground has renewed calls to disable the cross-platform runtime environment in Web browsers.
The latest exploit of a vulnerability not yet publicly known was reported on Tuesday by Brian Krebs, author of the KrebsonSecurity blog. An established member of the Underweb forum, an invitation-only site, was selling the exploit for Java JRE 7 Update 9, the latest version of the platform. The expected price was in the "five digits."
The flaw was in the Java class "MidiDevice.Info," a component that handles audio input and output, Krebs said. The seller claimed "code execution was very reliable" on Firefox, Microsoft Internet Explorer and Windows 7.
The latest exploit discovery comes three months after two other zero-day vulnerabilities and exploit code were found , one by a security researcher at Accuvant and the other by a developer at Immunity. The flaws were in Java 7 and affected Windows, Mac OS X and Linux operating systems running a browser with a Java plug-in.
The latest exploit was unusual because they are seldom sold in such an open manner, said Chester Wisniewski, a senior security adviser for Sophos. "Granted it is on a members only criminal forum, but it sounds like the post was rather straight forward."
|
More at the source: Latest Java zero-day exploit renews calls to disable it
_________________
Freedomlist.com (March 1, 2000 - 2013)
 
Take a walk through my Security Garden |
|
| Back to top |
|
 |
plodr
Administrator
Joined: 12 Apr 2001
Posts: 7415
|
| Posted: Thu Nov 29, 2012 11:26 am Post subject: |
|
|
| Thanks Corrine. I only have it on one computer. I'm off to disable it there. |
|
| Back to top |
|
|
CaptainTripps
Joined: 18 Sep 2005
Posts: 880
|
| Posted: Fri Nov 30, 2012 12:26 pm Post subject: |
|
|
| Thanks Corrine, since I rarely ever need or use java, it's just not worth the risks that keep popping up so I removed it from my computer. |
|
| Back to top |
|
|
Corrine
Administrator
Joined: 18 Jan 2001
Posts: 13538
Location: Upstate, NY
|
| Posted: Fri Nov 30, 2012 14:52 pm Post subject: |
|
|
I think you'll be glad you did, CaptainTripps. I uninstalled Java several years ago and have not needed it.
_________________
Freedomlist.com (March 1, 2000 - 2013)
Take a walk through my Security Garden |
|
| Back to top |
|
|
techie
Administrator
Joined: 15 Jan 2001
Posts: 2076
Location: U.S.
|
| Posted: Fri Nov 30, 2012 14:55 pm Post subject: |
|
|
| If Java is trying to force the ask toolbar on you, that should tell you something. Yes. you can opt out of the toolbar. |
|
| Back to top |
|
|
Main
Search
please register
Log in
FAQ
RULES
