Latest Java Flaw Exploited Widely Within Days
This flaw affects all versions of Oracle's Java 7 (v1.7) on all supported platforms. Interestingly, Java 6 and earlier don't have this flaw. Crucially, Oracle has not yet made a patch available, which makes this a zero-day exploit. Oracle has a bad track record of releasing timely patches, and its next scheduled update for Java is a long time away, on October 16, 2012. However, with all the bad publicity that this exploit is generating, hopefully they'll release a patch sooner.
The attack will soon be added to the infamous Blackhole Exploit Kit, if it hasn't been already, and it allows an attacker to take over a machine. It's recommended that Java either be uninstalled from the PC or have its browser integration disabled to mitigate the threat. Running quality internet security software will also help to guard against this threat.
Need to access intranet pages that require Java in your browser? Use your client firewall to disallow access to non-intranet resources for javaw.exe (on Windows).
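One way to set up that firewall restriction with the built-in Windows Firewall, as an added example that is not part of the original post. Block rules take precedence over allow rules there, so the script blocks the complement of the intranet range rather than allowing the intranet. Assumptions: the intranet is `10.0.0.0/8` and IPv4-only, Java is installed under the default Program Files folders, and the `New-NetFirewallRule` cmdlet is available (Windows 8 / Server 2012 or later, elevated prompt).

```powershell
# Added example. Assumed values: intranet CIDR and default Java install folders.
$IntranetCidr = '10.0.0.0/8'   # assumption, replace with your intranet range

function ConvertTo-Long ([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($b)                       # network order -> little-endian
    [long][BitConverter]::ToUInt32($b, 0)
}

function ConvertTo-Ip ([long]$Value) {
    $b = [BitConverter]::GetBytes([uint32]$Value)
    [Array]::Reverse($b)                       # back to network order
    $b -join '.'
}

# First and last address of the intranet network.
$network, $prefix = $IntranetCidr -split '/'
$size  = [long][math]::Pow(2, 32 - [int]$prefix)
$first = ConvertTo-Long $network
$first = $first - ($first % $size)             # align to the network boundary
$last  = $first + $size - 1

# Everything below and above the intranet range is what gets blocked.
$blocked = @()
if ($first -gt 0)         { $blocked += '0.0.0.0-' + (ConvertTo-Ip ($first - 1)) }
if ($last -lt 4294967295) { $blocked += (ConvertTo-Ip ($last + 1)) + '-255.255.255.255' }

# Locate every installed copy of javaw.exe under the assumed default folders.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Java' } | Where-Object { Test-Path $_ }
$exes = @()
if ($roots) {
    $exes = Get-ChildItem -Path $roots -Filter javaw.exe -Recurse -ErrorAction SilentlyContinue
}

# One outbound block rule per binary, applied to all firewall profiles.
foreach ($exe in $exes) {
    New-NetFirewallRule -DisplayName "Block javaw.exe outside intranet ($($exe.FullName))" `
        -Direction Outbound -Action Block -Profile Any `
        -Program $exe.FullName -RemoteAddress $blocked | Out-Null
    Write-Host "Blocked $($exe.FullName) -> $($blocked -join ', ')"
}
```

The rules cover IPv4 only; if the host has IPv6 connectivity, javaw.exe needs a matching IPv6 rule.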
Posted by | Mon, Aug 27, 2012 - 08:56 PM