Quantcast

Maximum PC

It is currently Wed Jul 23, 2014 7:30 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Turn off your Java now - Dangerous vulnerability in 7.10
PostPosted: Fri Jan 11, 2013 7:24 am 
Clawhammer
Clawhammer
User avatar

Joined: Fri Sep 23, 2005 6:22 pm
Posts: 4406
Location: In the closet
The latest Java version, Java 7 Update 10 contains a critical security vulnerability which is reportedly already being used for large scale cyberattacks. Users who have Java installed on their computers should deactivate the Java plugin in their browsers without delay.

A malware researcher calling himself kafeine has discovered an online exploit which makes use of a previously unknown Java vulnerability. Security experts at AlienVault have analyzed the exploit and confirmed the significance of the find. They were able to use it to inject code onto a fully patched Windows system running Java 7 Update 10. It is currently unclear whether the vulnerability is also present in Java 6, though the exploit did not work in initial tests on Java 6 carried out by kafeine.

The vulnerability is, however, already being exploited by cybercriminals to distribute malware. Security blogger Brian Krebs says that attack modules for the Black Hole and Nuclear Pack exploit kits are already available. According to Krebs, a Black Hole developer calling himself "Paunch", posting on underground forums yesterday (Wednesday), heralded the zero day exploit as a New Year's gift for his paying customers.

Because the vulnerability, thanks to the various exploit kits, requires minimum effort to exploit, it is reasonable to expect that the number of web sites hosting the exploit is likely to rise exponentially over the next few days. Simply visiting an infected web site is all that's required to fall victim to a malware infection. The attack code may also be hosted on mainstream web sites.

Users should therefore deactivate the Java plugin in their browsers without delay. Instructions for doing so can be found on the following web pages:

Deactivating the Java plugin in Firefox

Deactivating the Java plugin in Chrome

Deactivating the Java plugin in Safari

In Opera, the plugin manager can be accessed by entering opera plugins in the address bar. Disabling Java under Internet Explorer is not straightforward. Tests carried out by our associates at heise Security found that Microsoft's flagship browser was still able to access the Java plugin even after it had been explicitly disabled. Users running IE are therefore advised to uninstall Java completely using the Add or Remove Programs option in Windows' Control Panel. Users can check whether Java has been successfully deactivated using the Java test page in our browser check suite.


Top
  Profile  
 
 Post subject: Re: Turn off your Java now - Dangerous vulnerability in 7.10
PostPosted: Sat Jan 12, 2013 8:44 am 
Clawhammer
Clawhammer
User avatar

Joined: Fri Sep 23, 2005 6:22 pm
Posts: 4406
Location: In the closet
Firefox update


Top
  Profile  
 
 Post subject: Re: Turn off your Java now - Dangerous vulnerability in 7.10
PostPosted: Sun Jan 20, 2013 5:02 pm 
8086
8086

Joined: Thu May 01, 2008 12:59 pm
Posts: 21
It's big news and I want to uninstall Java from my PC entirely, not just disable it, but I can't find it in my PC. I have Windows 8 Pro, 64 bit OS. I wish you would have provided us with the link to the check suite you mentioned.


Top
  Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group