A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild - and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.
The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday.
Where did you get the picture from? The source says that this vulnerability only exists in version 1.7 or later but the picture you posted shows a threat detected in JRE 1.6.
A cunning plan if you had found such a vunerability would be to set up a bunch of pages that hit the top of a Google search for "disable Java in {browser}" and infect them.
Then "leak" information to several news sites and watch the carnage...
Likely not dangerous on Windows 8. Yes, I know, the article says all operating systems. Many don't consider Windows 8 a released operating system yet.
It's a Java exploit..... the JVM can escalate it's security permissions and you can execute almost anything within the JVM. So it is dangerous on W8 since Java does support W8.
Since this is a Java 7 issue, users can just remove Java 7 if installed and revert to Java 6?
Yea, the exploit can still break out of the JVM almost assuredly on W8, the only upside is that it may not be able to elevate privileges in W8 to get past UAC (arbitrary code, admin or not though is scary). I wouldn't take the risk, but someone should suicide a W8 VM to see what happens?
I am unafected though, don't even have Java installed, and even when I normally do I have the plugin disabled in browser.
It's a Java exploit..... the JVM can escalate it's security permissions and you can execute almost anything within the JVM. So it is dangerous on W8 since Java does support W8.
Since this is a Java 7 issue, users can just remove Java 7 if installed and revert to Java 6?
No, do not disable Javascript.
Just follow these steps.
Press Firefox button -> Add-ons, go to Plugins and click the "Disable" button next to anything named "Java".
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Related Threads
?
?
?
?
?
Ask a question
Ask a question
Overclock.net
27.8M posts
541.5K members
Since 2004
A forum community dedicated to overclocking enthusiasts and testing the limits of computing. Come join the discussion about computing, builds, collections, displays, models, styles, scales, specifications, reviews, accessories, classifieds, and more!