A very nasty 0-Day exploit of Java (all versions) is now active and there is no patch available.
I strongly suggest you disable Java in your browser until a patch becomes available.
See: http://securitywatch.pcmag.com/none/302 ... e-java-now
Note: Java is not the same as JavaScript. The only widespread Java controls for weather-related things are the old Davis scroller and the Astrogenics StormVue Java Control.
Better to be safe than have to clean up a mess later.
Welcome to the Cumulus Support forum.
Latest Cumulus MX V4 release 4.0.1 (build 4023) - 16 May 2024
(Note that 4.1.0 (build 4024) - 05 June 2024 remains available, but usage of this version is not recommended - particularly for Davis stations - and the included utility in this distribution for migrating to v4 is known to contain errors affecting conversion of dayfile.txt)
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
Latest Cumulus MX V4 release 4.0.1 (build 4023) - 16 May 2024
(Note that 4.1.0 (build 4024) - 05 June 2024 remains available, but usage of this version is not recommended - particularly for Davis stations - and the included utility in this distribution for migrating to v4 is known to contain errors affecting conversion of dayfile.txt)
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
Java (not JavaScript) 0-day exploit in the wild ..
-
saratogaWX
- Posts: 1211
- Joined: Wed 06 May 2009 5:02 am
- Weather Station: Davis Vantage Pro Plus
- Operating System: Windows 10 Professional
- Location: Saratoga, CA, USA
- Contact:
-
steve
- Cumulus Author
- Posts: 26701
- Joined: Mon 02 Jun 2008 6:49 pm
- Weather Station: None
- Operating System: None
- Location: Vienne, France
- Contact:
Re: Java (not JavaScript) 0-day exploit in the wild ..
Only Java 7 (aka 1.7), apparently, not Java 6 and below.saratogaWX wrote:A very nasty 0-Day exploit of Java (all versions)
http://www.zdnet.com/java-zero-day-vuln ... 000003233/
Steve
-
nking
- Posts: 808
- Joined: Thu 17 Dec 2009 2:03 pm
- Weather Station: W-8681
- Operating System: Windows 10
- Location: Hurstpierpoint, West Sussex, UK
- Contact:
Re: Java (not JavaScript) 0-day exploit in the wild ..
I imagine Sandboxie http://www.sandboxie.com/ may avoid this infection or any other type of website malware - worth a look 
-
saratogaWX
- Posts: 1211
- Joined: Wed 06 May 2009 5:02 am
- Weather Station: Davis Vantage Pro Plus
- Operating System: Windows 10 Professional
- Location: Saratoga, CA, USA
- Contact:
Re: Java (not JavaScript) 0-day exploit in the wild ..
Looks like Oracle heard the security folks and released patches for the 6 and 7 versions Java engines:
http://www.oracle.com/technetwork/topic ... 35715.html
Good thing because the Blackhole malware exploit kit had added a plugin to exploit the vulnerabilities about 8 hours after the vulnerabilities were disclosed, and there are exploits running in the wild now.
So... if you need Java again, please do install the updates from Oracle before enabling it in your browser. If you can live without Java, just leave it disabled or uninstalled.
http://www.oracle.com/technetwork/topic ... 35715.html
Good thing because the Blackhole malware exploit kit had added a plugin to exploit the vulnerabilities about 8 hours after the vulnerabilities were disclosed, and there are exploits running in the wild now.
So... if you need Java again, please do install the updates from Oracle before enabling it in your browser. If you can live without Java, just leave it disabled or uninstalled.