Page 1 of 1

Java (not JavaScript) 0-day exploit in the wild ..

Posted: Wed 29 Aug 2012 2:16 pm
by saratogaWX
A very nasty 0-Day exploit of Java (all versions) is now active and there is no patch available.

I strongly suggest you disable Java in your browser until a patch becomes available.

See: http://securitywatch.pcmag.com/none/302 ... e-java-now

Note: Java is not the same as JavaScript. The only widespread Java controls for weather-related things are the old Davis scroller and the Astrogenics StormVue Java Control.

Better to be safe than have to clean up a mess later.

Re: Java (not JavaScript) 0-day exploit in the wild ..

Posted: Wed 29 Aug 2012 2:32 pm
by steve
saratogaWX wrote:A very nasty 0-Day exploit of Java (all versions)
Only Java 7 (aka 1.7), apparently, not Java 6 and below.

http://www.zdnet.com/java-zero-day-vuln ... 000003233/

Re: Java (not JavaScript) 0-day exploit in the wild ..

Posted: Wed 29 Aug 2012 3:39 pm
by nking
I imagine Sandboxie http://www.sandboxie.com/ may avoid this infection or any other type of website malware - worth a look ;)

Re: Java (not JavaScript) 0-day exploit in the wild ..

Posted: Fri 31 Aug 2012 12:55 am
by saratogaWX
Looks like Oracle heard the security folks and released patches for the 6 and 7 versions Java engines:

http://www.oracle.com/technetwork/topic ... 35715.html

Good thing because the Blackhole malware exploit kit had added a plugin to exploit the vulnerabilities about 8 hours after the vulnerabilities were disclosed, and there are exploits running in the wild now.

So... if you need Java again, please do install the updates from Oracle before enabling it in your browser. If you can live without Java, just leave it disabled or uninstalled.