A very nasty 0-Day exploit of Java (all versions) is now active and there is no patch available.
I strongly suggest you disable Java in your browser until a patch becomes available.
See: http://securitywatch.pcmag.com/none/302 ... e-java-now
Note: Java is not the same as JavaScript. The only widespread Java controls for weather-related things are the old Davis scroller and the Astrogenics StormVue Java Control.
Better to be safe than have to clean up a mess later.
Welcome to the Cumulus Support forum.
Latest Cumulus MX V4 release 4.4.2 (build 4085) - 12 March 2025
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
If you are posting a new Topic about an error or if you need help PLEASE read this first viewtopic.php?p=164080#p164080
Latest Cumulus MX V4 release 4.4.2 (build 4085) - 12 March 2025
Latest Cumulus MX V3 release 3.28.6 (build 3283) - 21 March 2024
Legacy Cumulus 1 release 1.9.4 (build 1099) - 28 November 2014
(a patch is available for 1.9.4 build 1099 that extends the date range of drop-down menus to 2030)
Download the Software (Cumulus MX / Cumulus 1 and other related items) from the Wiki
If you are posting a new Topic about an error or if you need help PLEASE read this first viewtopic.php?p=164080#p164080
Java (not JavaScript) 0-day exploit in the wild ..
-
saratogaWX
- Posts: 1238
- Joined: Wed 06 May 2009 5:02 am
- Weather Station: Davis Vantage Pro Plus
- Operating System: Windows 10 Professional
- Location: Saratoga, CA, USA
- Contact:
-
steve
- Cumulus Author
- Posts: 26672
- Joined: Mon 02 Jun 2008 6:49 pm
- Weather Station: None
- Operating System: None
- Location: Vienne, France
- Contact:
Re: Java (not JavaScript) 0-day exploit in the wild ..
Only Java 7 (aka 1.7), apparently, not Java 6 and below.saratogaWX wrote:A very nasty 0-Day exploit of Java (all versions)
http://www.zdnet.com/java-zero-day-vuln ... 000003233/
Steve
-
nking
- Posts: 813
- Joined: Thu 17 Dec 2009 2:03 pm
- Weather Station: W-8681
- Operating System: Windows 10
- Location: Hurstpierpoint, West Sussex, UK
- Contact:
Re: Java (not JavaScript) 0-day exploit in the wild ..
I imagine Sandboxie http://www.sandboxie.com/ may avoid this infection or any other type of website malware - worth a look 
-
saratogaWX
- Posts: 1238
- Joined: Wed 06 May 2009 5:02 am
- Weather Station: Davis Vantage Pro Plus
- Operating System: Windows 10 Professional
- Location: Saratoga, CA, USA
- Contact:
Re: Java (not JavaScript) 0-day exploit in the wild ..
Looks like Oracle heard the security folks and released patches for the 6 and 7 versions Java engines:
http://www.oracle.com/technetwork/topic ... 35715.html
Good thing because the Blackhole malware exploit kit had added a plugin to exploit the vulnerabilities about 8 hours after the vulnerabilities were disclosed, and there are exploits running in the wild now.
So... if you need Java again, please do install the updates from Oracle before enabling it in your browser. If you can live without Java, just leave it disabled or uninstalled.
http://www.oracle.com/technetwork/topic ... 35715.html
Good thing because the Blackhole malware exploit kit had added a plugin to exploit the vulnerabilities about 8 hours after the vulnerabilities were disclosed, and there are exploits running in the wild now.
So... if you need Java again, please do install the updates from Oracle before enabling it in your browser. If you can live without Java, just leave it disabled or uninstalled.