DaemonForums  

Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 11th January 2013
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default Zero day Java exploit being used in the wild

This effects all versions of Oracle Java (JRE 1.7 Update 10 and earlier), including both the JRE and JRE browser plugins.

From US DHS CERT:
Quote:
This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.

Impact


By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workarounds:


Disable Java in web browsers


Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. Please see the Java documentation for more details.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Security Oracle releases emergency fixes for Java 0day exploit J65nko News 0 30th August 2012 10:19 PM
Security New Adobe Reader zero-day in the wild J65nko News 1 8th December 2011 08:22 PM
Dev goes 'Wild' with H.264 Firefox J65nko News 0 19th May 2010 09:43 PM
Zero day exploit for Firefox 3.6 J65nko News 1 19th February 2010 06:58 PM
vbox: possible exploit Mr-Biscuit Other BSD and UNIX/UNIX-like 9 18th October 2008 06:33 PM


All times are GMT. The time now is 03:16 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick