
Java Recommended To Be Disabled Because of New Exploit

Source: @kafeine

A security researcher is urging users to disable their Java plugin immediately due to a newly discovered vulnerability and exploit that was spotted in the wild.

@kafeine was first to report the exploit, which was then successfully reproduced by Jaime Blasco from security software company AlienVault. Blasco wrote that he was able to "trick" the malicious Java applet into executing calc.exe in their lab. According to @kafeine, the applet is distributed via a site with "hundreds of thousands of hits daily".

Little information about the vulnerability and exploit is available at this time, but Blasco wrote that the exploit is probably bypassing certain security checks by tricking the permissions of certain Java classes, as was seen in CVE-2012-4681. The only defense against the issue is to disable the Java browser plugin, Blasco said.

 


There are 29 Comments.
  • 13
    Camikazi , January 11, 2013 8:39 PM
    Wait, again? Didn't they recommend you disable Java a few months ago cause of some vulnerability?
  • 12
    mobrocket , January 11, 2013 8:40 PM
    Why hack java

    in america, there are so many people that willingly hand over any personal information u want.
    just say u are giving away some free
  • 7
    k7mm , January 11, 2013 8:45 PM
    Java uninstalled long ago
  • 16
    tokencode , January 11, 2013 8:52 PM
    Camikazi wrote: "Wait, again? Didn't they recommend you disable Java a few months ago cause of some vulnerability?"

    Java is only safe to run during the first 1/4 phase of a waxing moon. You will need to wait until next month to run your poorly performing application with GUI that feels like it is from the 90's.
  • 0
    anonymous@guest , January 11, 2013 8:59 PM
    Lol, tokencode. Brilliant.
  • 20
    ss202sl , January 11, 2013 9:02 PM
    We have an application at the office that relies on Java. One of our managers told all his employees to disable java, and later told me that there was an issue with the server because the App wasn't working.
  • 20
    Camikazi , January 11, 2013 9:07 PM
    ss202sl wrote: "We have an application at the office that relies on Java. One of our managers told all his employees to disable java, and later told me that there was an issue with the server because the App wasn't working."

    Yay for managers who don't know how things work!
  • 9
    spartanmk2 , January 11, 2013 9:30 PM
    Just
    Another
    Virus
    Application

    :/ 
  • 9
    ddpruitt , January 11, 2013 10:18 PM
    If we had to disable every piece of software that has an exploit we would be able to turn on our computers. Exploits happen all the time; I'm sure Oracle will patch this soon enough.

    The most important piece of any security system is the person using it.
  • 0
    Cryio , January 11, 2013 10:34 PM
    This flaw is in the Java 7 Update 10 x64 version? If yes...tough luck.
  • -5
    lradunovic77 , January 11, 2013 10:35 PM
    JAVA is dead, just waiting for a day when they officially say it is dead for good.
  • 7
    scannall , January 11, 2013 10:52 PM
    Between Java and Flash most computers are a security mess. Maybe it's time for them to go away.
  • 10
    dalethepcman , January 11, 2013 10:56 PM
    "Security experts recommend disabling your network card to remain safe on the internet"

    Or as many Toms readers have found out. Use noscript, ghostery, flashblock, adblock plus, and only load plugins when manually approved instead of on demand.

    Poof, all the crappy advertisements disappear, and so do all the viruses, unless you're stupid and intentionally load all the banner ads on every page.
  • 4
    Camikazi , January 11, 2013 11:01 PM
    ddpruitt wrote: "If we had to disable every piece of software that has an exploit we would be able to turn on our computers. Exploits happen all the time; I'm sure Oracle will patch this soon enough. The most important piece of any security system is the person using it."

    Only problem is that they find a HUGE vulnerability with Java like every other version. I have been hearing about people recommending you disable java because of a vulnerability in the new version for years now.
  • 0
    anonymous@guest , January 11, 2013 11:08 PM
    No, Java can't really "die". It is the only fully Object-Oriented and portable language built from the ground up where C++ mimics OO acting as a wrapper for C (which is not at all OO). All application languages since Java are trying to mimic the Java syntax and design paradigm: C#, D, etc.
  • 7
    loneninja , January 11, 2013 11:50 PM
    lradunovic77 wrote: "JAVA is dead, just waiting for a day when they officially say it is dead for good."

    To say Java is dead is to say Android is dead, most apps require Java code to function and the core operating system probably does too. Java is a widely used programming language, it's not going away any time soon.
  • -2
    lradunovic77 , January 11, 2013 11:52 PM
    I meant JAVA as language for general purpose.
  • 0
    classzero , January 12, 2013 12:11 AM
    scannall wrote: "Between Java and Flash most computers are a security mess. Maybe it's time for them to go away."

    What language do you program Android with?
  • 1
    scannall , January 12, 2013 12:14 AM
    classzero wrote: "What language do you program Android with?"

    I wasn't going to say that. I can't find my asbestos shirt and pants. ;-)