
[TR] Disable Java NOW, 0-Day Exploit Hits Web.

#1 ·
X0Viu.jpg


http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/
Quote:
All operating systems, browsers vulnerable.

A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild - and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.
The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday.
Quick note, Chrome's sandbox will NOT protect you from it.
 
#4 ·
doh.gif
 
#5 ·
Where did you get the picture from? The source says that this vulnerability only exists in version 1.7 or later but the picture you posted shows a threat detected in JRE 1.6.
 
#8 ·
A cunning plan if you had found such a vulnerability would be to set up a bunch of pages that hit the top of a Google search for "disable Java in {browser}" and infect them.

Then "leak" information to several news sites and watch the carnage...
 
#9 ·
Likely not dangerous on Windows 8. Yes, I know, the article says all operating systems. Many don't consider Windows 8 a released operating system yet.
 
#11 ·
Quote:
Originally Posted by Stealth Pyros View Post

Likely not dangerous on Windows 8. Yes, I know, the article says all operating systems. Many don't consider Windows 8 a released operating system yet.
It's a Java exploit..... the JVM can escalate its security permissions and you can execute almost anything within the JVM. So it is dangerous on W8 since Java does support W8.

Since this is a Java 7 issue, users can just remove Java 7 if installed and revert to Java 6?
 
#12 ·
Quote:
Originally Posted by DuckieHo View Post

Quote:
Originally Posted by Stealth Pyros View Post

Likely not dangerous on Windows 8. Yes, I know, the article says all operating systems. Many don't consider Windows 8 a released operating system yet.
It's a Java exploit..... the JVM can escalate its security permissions and you can execute almost anything within the JVM.

So it is dangerous on W8 since Java does support W8.
Yea, the exploit can still break out of the JVM almost assuredly on W8, the only upside is that it may not be able to elevate privileges in W8 to get past UAC (arbitrary code, admin or not though is scary). I wouldn't take the risk, but someone should suicide a W8 VM to see what happens?
tongue.gif


I am unaffected though, don't even have Java installed, and even when I normally do I have the plugin disabled in browser.
 
#14 ·
So what's the general consensus?

Don't bother with this if I go to the same old specific websites?

or Will I have to take a look at what version I am running and tell Java to not update anymore lol

Or should I go further and completely remove it for now etc.

I sent this information to my company's partners and Technical Supervisor, I have no idea if our clients are set for Java updates etc.

We also run ESET here at the office and for most of our Managed Services Clients, hope ESET keeps em safe
 
#16 ·
Quote:
Originally Posted by DuckieHo View Post

It's a Java exploit..... the JVM can escalate its security permissions and you can execute almost anything within the JVM. So it is dangerous on W8 since Java does support W8.
Since this is a Java 7 issue, users can just remove Java 7 if installed and revert to Java 6?
Assuming this exploit targets a Java 7 specific vulnerability...

Unfortunately, not enough information has been provided about this exploit for us to make this assumption.

Quote:
Originally Posted by dave12 View Post

Uncheck the enable Javascript button in firefox?
Java != Javascript
 
#19 ·
Quote:
Originally Posted by LongRod View Post

Just disabled Java (not Javascript) in Chrome.

It has to be a pretty bad exploit, if Chrome's sandbox can't catch it. :/
How do you disable it in chrome?
 
#21 ·
Quote:
Originally Posted by White Fire View Post

How do you disable it in chrome?
Type in: "chrome://plugins/" into the address bar (no speech marks). Scroll down to Java and click disable.

And for good measure, Opera.

Type in "opera:plugins" into the address bar (no speech marks). Scroll down to Java(TM) Platform Disable. Java Deployment Toolkit Disable.
 
#22 ·
Quote:
Originally Posted by frickfrock99 View Post

Quote:
Originally Posted by White Fire View Post

How do you disable it in chrome?
Type in: "chrome://plugins/" into the address bar (no speech marks). Scroll down to Java and click disable.
thanks
 
#23 ·
so yah, should I just go ahead and disable it or not worry if I don't prowl around various websites?
 
#24 ·
Quote:
Originally Posted by Stealth Pyros View Post

Likely not dangerous on Windows 8. Yes, I know, the article says all operating systems. Many don't consider Windows 8 a released operating system yet.
Windows 8 doesn't use different Java runtimes.
 