Java Recommended To Be Disabled Because of New Exploit

By Wolfgang Gruener
published

A security researcher is urging users to disable their Java plugin immediately due to a newly discovered vulnerability and exploit that was spotted in the wild.

@kafeine was first to report the exploit, which was then successfully reproduced by Jaime Blasco from security software company AlienVault. Blasco wrote that he was able to "trick" the malicious Java applet, which, according to @kafeine is distributed via a site with "hundreds of thousands of hits daily"  to execute the calc.exe in their lab.

There is not much information about the vulnerability and exploit available at this time, but Blasco wrote that the exploit is probably bypassing certain security checks by tricking the permissions of certain Java classes as we saw in CVE-2012-4681. The only defense against the issue is to disable the Java browser plugin, Blasco said.

Contact Us for News Tips, Corrections and Feedback

Wolfgang Gruener
29 Comments Comment from the forums
  • Camikazi
    Wait, again? Didn't they recommend you disable Java a few months ago cause of some vulnerability?
    Reply
  • mobrocket
    Why hack java

    in america, there are so many people that willingly hand over any personal information u want.
    just say u are giving away some free
    Reply
  • k7mm
    Java uninstalled long ago
    Reply
  • tokencode
    CamikaziWait, again? Didn't they recommend you disable Java a few months ago cause of some vulnerability?
    Java is only safe to run during the first 1/4 phase of a waxing moon. You will need to wait until next month to run your poorly performing application with GUI that feels like it is from the 90's.
    Reply
  • Lol, tokencode. Brilliant.
    Reply
  • ss202sl
    We have an application at the office that relies on Java. One of our managers told all his employees to disable java, and later me that there was an issue with the server because the App wasn't working.
    Reply
  • Camikazi
    ss202slWe have an application at the office that relies on Java. One of our managers told all his employees to disable java, and later me that there was an issue with the server because the App wasn't working.Yay for managers who doesn't know how things work!
    Reply
  • spartanmk2
    Just
    Another
    Virus
    Application

    :/
    Reply
  • ddpruitt
    If we had to disable every piece of software that has an exploit we would be able to turn on our computers. Exploits happen all the time I'm sure Oracle will patch this soon enough.

    The most important piece of any security system is the person using it.
    Reply
  • Cryio
    This flaw is in the Java 7 Update 10 x64 version? If yes...tough luck.
    Reply