java exploit

sheesh · 29-08-2012 02:18AM #1

http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/

Anybody know anything about this?

Is it just a case of going into plugins and disabling java in the browser?

LoLth · 29-08-2012 12:33PM

Deepend security's article on it:
http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html

US CERT Advisory on disabling java plugins:
http://www.kb.cert.org/vuls/id/636312

(note: they do say that the noscript plugin from firefox should protect you).

h57xiucj2z946q · 30-08-2012 09:59AM

Yup, java disabled for now!

infodox · 30-08-2012 06:01PM

J7u7 fixes it. Kind of, though there are a few others in the wild apparently.

The scary bit is it works completely cross platform with little to no modification whatsoever...

BaconZombie · 30-08-2012 10:35PM

I wish I could say the same for all of Oracles fecking apps.

infodox wrote: »

J7u7 fixes it. Kind of, though there are a few others in the wild apparently.

The scary bit is it works completely cross platform with little to no modification whatsoever...

manutd4life · 31-08-2012 10:08AM

I have just downloaded Java 6 Update 35. Chrome is my default browser but I also have IE 64 bit which uses Java 6 Update 13.

Is the 64 bit Java up to date or can I uninstall it because I don't use IE 64 bit at all?

h57xiucj2z946q · 31-08-2012 10:19AM

Check here: http://isjavaexploitable.com
I take no responsibility of the authenticity of this site.

LoLth · 31-08-2012 10:54AM

that site is run by Rapid7 and checks the installed Java for *any* vulnerabilities.

http://zulu.zscaler.com/research/java_version.html

this one tests for the 0-day exploit specifically.

h57xiucj2z946q · 31-08-2012 11:07AM

That last site says I'm still vulnerable after Oracles latest update.

Will leave java disabled in browsers in the mean time anyway.

java exploit

Comments