An extremely nasty zero-day exploit in Oracle's Java runtime was just discovered:
http://secunia.com/advisories/50133It allows for arbitrary execution of native (non-Java) code on the victim's machine. The user merely needs to visit a page, frame, etc. containing a hostile java applet in any browser that has the Oracle Java plugin enabled. This is a cross-browser, cross-platform vulnerability in the JRE itself. If you use Oracle's Java plugin, you are vulnerable regardless of browser or OS.
That being said, most Mac users are probably using Apple's JRE, and most Linux users are probably using OpenJDK these days. You should verify this before assuming you are safe, of course.
If Oracle's past behavior holds, it is unlikely that this bug will be patched until mid-October. For the time being, the only way to protect yourself is to either uninstall Oracle's JRE, or disable the browser plugin component.
Chrome:
Go to "chrome://plugins" in your browser
IE:
Click the gear icon, then "manage add-ons"
Firefox:
Main menu > Add-ons > Plugins
Opera:
Beats the hell out of me.
I would strongly urge doing this unless you absolutely must have in-browser support for Java applets. Alternatively, if you say, use Chrome for browsing, you could disable it in Chrome and leave it enabled in Firefox. Use Firefox only for loading specific, known safe pages that require Java. Default NoScript behavior also blocks plugin content without user intervention, which mitigates the potential that you might run hostile Java code in the first place.
Login
Register
FAQ
Search
