Billions of Computers Compromised in Zero Day Java Exploit

Top 10 Contributor
Posts 24,867
Points 1,116,115
Joined: Sep 2007
ForumsAdministrator
News Posted: Thu, Sep 27 2012 9:47 AM
Tread carefully on the Internet, surf ninja. That's always sound advice, but it's especially important now to be extra cautious, particularly if you use Java. Researchers at Security Explorations discovered a zero-day exploit in multiple versions of Java that could affect over a billion PCs around the globe.

Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine.


Security Explorations said it conducted successful tests of the exploit on Java SE 5 Update 22, Java SE 6 Update 35, and Java SE 7 Update 7, all using a fully patched install of Windows 7 32-bit and on nearly half a dozen web browsers, including Firefox 15.0.1, Google Chrome 21.0.1180.89, Internet Explorer 9.0.8112.16421 (update 9.0.10), Opera 12.02 (build 1578), and Safari 5.1.7 (3534.57.2).

"We hope that a news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison's morning...Java," quipped Adam Gowdiak, CEO of Security Explorations.

Zing!
Top 200 Contributor
Posts 331
Points 2,415
Joined: Sep 2011

I am no software expert, but would this exploit affect a machine running a 64 bit OS? And also, how can a person find out if they're affected and, if so, how to fix it?

Top 10 Contributor
Posts 8,436
Points 102,150
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Thu, Sep 27 2012 8:55 PM

This crap will never quit.

Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.

(Mark Twain)

Top 25 Contributor
Posts 3,413
Points 46,555
Joined: Nov 2005
Location: Metropolis
ForumsAdministrator
Moderator

thunderdan602:
would this exploit affect a machine running a 64 bit OS?

Both 32 and 64-bit systems are affected, Dan.

 SPAM-posters beware! ®

Top 500 Contributor
Posts 309
Points 2,990
Joined: Mar 2011
JOMA replied on Fri, Sep 28 2012 7:16 AM

I never, ever install Java on any systems.  It's just not worth the risk. I don't even install Adobe products except on virtual machines that use Sandbox software.

Top 10 Contributor
Posts 8,436
Points 102,150
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Fri, Sep 28 2012 7:31 AM

JOMA:
I never, ever install Java on any systems.  It's just not worth the risk. I don't even install Adobe products except on virtual machines that use Sandbox software.

That may not be enough protection if I'm reading the article right...

"It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine."

This negates the whole idea behind using a sandbox for protection.

Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.

(Mark Twain)

Top 10 Contributor
Posts 5,048
Points 60,675
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Fri, Sep 28 2012 7:51 PM

> This crap will never quit.

True dat, realneil. If not a pre-req for my kids to run Minecraft, I would have uninstalled Java from every machine in my house long ago.

When I write software, I try to make it cross-platform, but I never even consider writing it in Java anymore.

Why is it that everything Oracle touches turns to crap? And could I get some people working on some open-source USB extensions for an open-source version of VirtualBox please?

P.S.:  Love the Dr. Evil icon Paul!

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

Top 100 Contributor
Posts 1,099
Points 13,965
Joined: Jun 2010
fat78 replied on Mon, Oct 1 2012 10:40 AM

I think he means that he only installs Adobe in sandbox, and doesn't install Java at all.

Not Ranked
Posts 1
Points 5
Joined: Oct 2012
MSaxena replied on Wed, Oct 10 2012 7:24 AM

I really like that you are giving information on core and advanced Java concepts. I found your information very helpful indeed. Thanks for it.
