Billions of Computers Compromised in Zero Day Java Exploit

Tread carefully on the Internet, surf ninja. That's always sound advice, but it's especially important now to be extra cautious, particularly if you use Java. Researchers at Security Explorations discovered a zero-day exploit in multiple versions of Java that could affect over a billion PCs around the globe.

Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine.


Security Explorations said it conducted successful tests of the exploit on Java SE 5 Update 22, Java SE 6 Update 35, and Java SE 7 Update 7, all using a fully patched install of Windows 7 32-bit and on nearly half a dozen web browsers, including Firefox 15.0.1, Google Chrome 21.0.1180.89, Internet Explorer 9.0.8112.16421 (update 9.0.10), Opera 12.02 (build 1578), and Safari 5.1.7 (3534.57.2).

"We hope that a news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison's morning...Java," quipped Adam Gowdiak, CEO of Security Explorations.

Zing!

I am no software expert, but would this exploit affect a machine running a 64-bit OS? And also, how can a person find out if they're affected and, if so, how to fix it?


This crap will never quit.


> This crap will never quit.

True dat, reilneil. If not a pre-req for my kids to run Minecraft, I would have uninstalled Java from every machine in my house long ago.

When I write software, I try to make it cross-platform, but I never even consider writing it in Java anymore.

Why is it that everything Oracle touches turns to crap? And could I get some people working on some open-source USB extensions for an open-source version of VirtualBox please?

P.S.:  Love the Dr. Evil icon Paul!


> thunderdan602: would this exploit affect a machine running a 64 bit OS?

Both 32 and 64-bit systems are affected, Dan.


I never, ever install Java on any systems.  It's just not worth the risk. I don't even install Adobe products except on virtual machines that use Sandbox software.


> JOMA: I never, ever install Java on any systems.  It's just not worth the risk. I don't even install Adobe products except on virtual machines that use Sandbox software.

That may not be enough protection if I'm reading the article right...

"It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine."

This negates the whole idea behind using a sandbox for protection.


I think he means that he only installs Adobe in a sandbox, and doesn't install Java at all.


I really like that you are giving information on core and advanced Java concepts. I found your information very helpful indeed. Thanks for it.
