Disable Java NOW, users told, as 0-day exploit hits web!!!!


Plata O Plomo
Dec 28, 2008
All operating systems, browsers vulnerable
By Neil McAllister in San FranciscoGet more from this author
Posted in Security, 27th August 2012 23:42 GMT
A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.
The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk.
The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.

In the form in which it was discovered, the exploit only works on Windows machines, because the payload that it downloads is a Windows executable. But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload.
All browsers running on these systems were found to be vulnerable if they had the Java plugin installed, including Chrome, Firefox, Internet Explorer, Opera, and Safari.
Although the actual source of the exploit is not known, it was originally discovered on a server with a domain name that resolved to an IP address located in China. The malware it installed on compromised systems attempted to connect to a command-and-control server believed to be located in Singapore.
Oracle has yet to comment on the vulnerability or when users should expect a fix, but it might be a while. The database giant ordinarily observes a strict thrice-annual patch schedule for Java, and the next batch of fixes isn't due until October 16.
Downgrading to an earlier version of Java is not advised, because even though earlier versions aren't vulnerable to this particular exploit, they may contain other bugs that expose still other vulnerabilities.
In advance of any official patch, and because of the seriousness of the vulnerability, malware researchers at DeepEnd Research have developed an interim fix that they say seems to prevent the rogue Java code from executing its payload, although it has received little testing.
Because the patch could be used to develop new exploits if it fell into the wrong hands, however, DeepEnd Research is only making it available by individual request to systems administrators who manage large numbers of clients for companies that rely on Java.
For individual users, the researchers say, the best solution for now is to disable the Java browser plugin until Oracle issues an official patch. ®
Mother fucker.


Darkness always says hello.
Feb 20, 2006
I followed the FF instructions via reddit and I have nothing in plugins with Java in the title, is that possible?


Plata O Plomo
Dec 28, 2008
I just spent the last ten minuets walking my step dad through the process of disabling Java for IE. Every time I bring up him switching to Firefox he gets pissed off for some reason. I tell him it's more secure, he doesn't care.


PR representative for Drunk Whiskeyguy.
Jan 12, 2010
Northern California
In Chrome all I could find was the following:

Java (2 files) - Version:

Is that what I'm looking for? Everyone's talking about "1.7", but would that be identified as "10.7"?

Konstantin K

Big League Poster
Aug 25, 2010
In my PlugIns I have Java Deployment Toolkit 6.0.330.3 and Java (TM) Platform SE 6 U33 6.033.3. Is that something I should be concerned about?

Norm Stansfield

Mar 17, 2009
Oh for fuck's sake, it's just another vulnerability. I'm sure it's not the only one on pretty much any device. There aren't even any large scale attacks exploiting it yet.

If you're gonna disable a piece of software every time there's a vulnerability, you might as well just disconnect from the Internet.
Top Bottom