New Java 7 exploit allows hackers to install malware on Windows, Mac OS X, and Linux; only fix currently is to disable Java.
Read about it here :-
http://dottech.org/windows/77807/new-java-7-exploit-allows-hackers-to-install-malware-on-windows-mac-os-x-and-linux-only-fix-currently-is-to-disable-java/
Went to disable it in Firefox but it was already disabled since the 14th of August for what I assume is another exploit? Gotta love Firefox notifying me and disabling bad shit.
Good work, coffeegrinder!
How to disable Java by browser:
http://blog.markloiseau.com/2012/03/psa-disable-java-in-your-browser/
How to disable Java in your Mac Web Browser:
http://www.maclife.com/article/howtos/how_disable_java_your_mac_web_browser
I do expect Oracle will come up with an emergency fix before their planned October update.
bump
Interesting, I check my Plugins in Firefox 15.0 and my version of Java is 6 and it says there is no update available. It says JAVA(TM) Platform SE 6 U33 6.0.330.3. I don't think that is the JAVA plugin I should be concerned with?
Mine's been disabled since July....
Thanks
Okay, I just went and disable Java. Thank you
It appears you are OK (more or less) if you've not updated Java to 7 - my browsers are still at 6.x. As long as Java's not set to auto-update should be safe.
I didn't even realize I didn't have Java.
I have Java Deployment Toolkit 6.02.200.2 enabled
Platform SE 6 U20 6.2.00.2 is disabled
And you're deploying just what, and where?
Two words for Firefox users
No Script!
It is the best addon, it disables flash and java, and allows you to train it and set up exactly what sites you allow through and what sites you don't, once you train it, which can be time consuming, it's awesome.
-Æ
I love NoScript, too, but it's not for the casual user (e.g., my wife - it only serves to frustrate the begeezus out of her) or the faint of computer.
It is now being reported that a tech security firm alerted Oracle about the vulnerability four months ago.
source: http://dottech.org/tech-news/77910/oracle-knew-about-critical-java-vulnerabilities-four-months-prior-to-attack-says-security-firm/
Well, MS and Adobe behave in much the same way: If it ain't on fire, take your time.
Well, they might well have shot us (some of us, anyway) in the foot.
Glad you brought this up coffeegrinder! I missed it.
Don't know Doc. I haven't checked recently. Just found it there when I checked the add-ons. If I don't need it can I get rid of it?
Uvah... I'd just leave it alone. You can always pm yrag to ask the same question. Nothing urgent about it at the moment, though....as far as I can see.
Oracle has released the patch for this vulnerability: http://reviews.cnet.com/8301-13727_7-57503787-263/oracle-patches-java-7-vulnerability/
http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html
For W7x64:
http://www.oracle.com/technetwork/java/javase/downloads/jdk7u7-downloads-1836413.html
See my post here:
https://forums.wincustomize.com/430436
Amended the thread title...
Thanks for posting the update link Doc, and Jafo for updating the post title.
Question...Should I update to Java 7 then install the patch, which, in this case, is a JDK? I ask because that is where the dl button sent me, to the Java JDK 7u7.
1. Update your Java (that should have happened by itself over the past 2 weeks).
2. Download and apply the appropriate patch. You can see this thread to figure out which you need: https://forums.wincustomize.com/430436
There are many great features available to you once you register, including:
Sign in or Create Account
