Java is quickly becoming a target for those who want to do evil. A new zero day exploit is in the wild and it’s being used by criminals. It’s documented here. It’s apparently being used for evil as we speak:
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.
According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it.
Lovely. Seeing as this is the latest in a number of holes in Java, perhaps it’s time to ditch Java completely. It’s becoming clear that Oracle cannot keep Java secure.
UPDATE: MacRumors is reporting that Apple through it’s anti marware application built into OS X is disabling it on Macs with Java installed. So it sounds like Tim Cook and company have made the choice easy for Mac users by not giving them any choice at all.
Like this:
Like Loading...
Related
This entry was posted on January 10, 2013 at 10:19 pm and is filed under Commentary with tags Java, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Java Has A New Zero Day Exploit….. Disable Java NOW! [UPDATED]
Java is quickly becoming a target for those who want to do evil. A new zero day exploit is in the wild and it’s being used by criminals. It’s documented here. It’s apparently being used for evil as we speak:
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
The curator of Blackhole, a miscreant who uses the nickname “Paunch,” announced yesterday on several Underweb forums that the Java zero-day was a “New Year’s Gift,” to customers who use his exploit kit. Paunch bragged that his was the first to include the powerful offensive weapon, but shortly afterwards the same announcement was made by the maker and seller of Nuclear Pack.
According to both crimeware authors, the vulnerability exists in all versions of Java 7, including the latest — Java 7 Update 10. This information could not be immediately verified, but if you have Java installed, it would be a very good idea to unplug Java from your browser, or uninstall this program entirely if you don’t need it.
Lovely. Seeing as this is the latest in a number of holes in Java, perhaps it’s time to ditch Java completely. It’s becoming clear that Oracle cannot keep Java secure.
UPDATE: MacRumors is reporting that Apple through it’s anti marware application built into OS X is disabling it on Macs with Java installed. So it sounds like Tim Cook and company have made the choice easy for Mac users by not giving them any choice at all.
Share this:
Like this:
Related
This entry was posted on January 10, 2013 at 10:19 pm and is filed under Commentary with tags Java, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.