It all started with the news that Java 7 includes a flaw which literally invites zero-day exploits:
Attackers have seized upon a security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. Within days of its discovery it appears that the new zero-day flaw could soon become widespread.
The original report from FireEye indicates that initial attacks exploiting this weakness, emanating from a Chinese web server, have been targeted and not widespread. However, subsequent information from security sources is suggesting that the exploit code is now public and being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole (the most commonly used exploit pack utilized by criminals).
Several days later, Oracle issued updates for both Java 7 and Java 6, obviously motivated by the widespread (bad) publicity to act outside its normal update regimen.
Now news is rife that the update issued to fix the flaw includes yet another new/different vulnerability… it appears that it will now be necessary for Oracle to issue a patch to patch the flaw in the patch which was issued to patch the flaw.
And on it goes.
Seriously, if you have no real need for Java, I strongly advise you to uninstall it ASAP.
If you absolutely cannot live without Java for certain sites, I suggest you disable the Java plug-in in your everyday browser and use a secondary browser, with Java enabled, only to visit those sites.