Billions of Computers Compromised in Zero Day Java Exploit

Thursday, September 27, 2012 - by Paul Lilly

Tread carefully on the Internet, surf ninja. That's always sound advice, but it's especially important now to be extra cautious, particularly if you use Java. Researchers at Security Explorations discovered a zero-day exploit in multiple versions of Java that could affect over a billion PCs around the globe.

Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine.

Security Explorations said it conducted successful tests of the exploit on Java SE 5 Update 22, Java SE 6 Update 35, and Java SE 7 Update 7, all using a fully patched install of Windows 7 32-bit and on nearly half a dozen web browsers, including Firefox 15.0.1, Google Chrome 21.0.1180.89, Internet Explorer 9.0.8112.16421 (update 9.0.10), Opera 12.02 (build 1578), and Safari 5.1.7 (3534.57.2).

"We hope that a news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison's morning...Java," quipped Adam Gowdiak, CEO of Security Explorations.

Zing!

Via: Seclists.org | News Archive | Tags: Malware, security, JavaScript, Java, Zero Day

View forum thread

Comments

By thunderdan602 on Sep 27, 2012

I am no software expert, but would this exploit affect a machine running a 64 bit OS? And also, how can a person find out if their affected and if so, how to fix it.

By realneil on Sep 27, 2012

This crap will never quit.

By 3vi1 on Sep 28, 2012

> This crap will never quit.

True dat, reilneil. If not a pre-req for my kids to run Minecraft, I would have uninstalled Java from every machine in my house long ago.

When I write software, I try to make it cross-platform, but I never even consider writing it in Java anymore.

Why is it that everything Oracle touches turns to crap? And could I get some people working on some open-source USB extensions for an open-source version of VirtualBox please?

P.S.: Love the Dr. Evil icon Paul!

By Super Dave on Sep 28, 2012

thunderdan602:
would this exploit affect a machine running a 64 bit OS?

Both 32 and 64-bit systems are affected, Dan.

By JOMA on Sep 28, 2012

I never, ever install Java on any systems. It's just not worth the risk. I don't even install Adobe products except on virtual machines that use Sandbox software.

By realneil on Sep 28, 2012

JOMA:
I never, ever install Java on any systems. It's just not worth the risk. I don't even install Adobe products except on virtual machines that use Sandbox software.

That may not be enough protection if I'm reading the article right,.......

" It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine."

This negates the whole idea behind using a sandbox for protection.

By fat78 on Oct 1, 2012

I think he means that he only installs adobe in sandbox, and doesn't install java at all.

By MSaxena on Oct 10, 2012

i really like that you are giving information on core and advance java concepts. i found your information very helpful indeed.thanks for it.

	Replies
California Teen's Supercapacitor...	7
Nintendo Demanding Copyright Royalties...	7
GIF Creator Wins Webby Lifetime...	6
Bill Gates Once Again World's Wealthiest...	6
IT Departments Resist Deploying Windows...	5
Google Glass Creeping Out Friends and...	5
Archos Hits The $200 Spot With 8-Inch 80...	5

Subscribe to HH News Alerts!	Preview