[SOLVED] Java 7 security vulnerabilities.

Post by **UnAfraid** » Thu Aug 30, 2012 4:57 pm

There was discovered some java 7 security vulnerability which allows Remote Code Execution exploit i would suggest you to disable temporarily Java 7 plugin in your browser until oracle provide a patch.

Information: http://www.informationweek.com/security ... /240006535

Post by **MELERIX** » Thu Aug 30, 2012 8:21 pm

the first time that I readed this, I was thinking the exploit works just having Java installed and nothing more.

but no... after read about this in other security websites, and the CVE-2012-4681, I can say that the exploit is not a exploit at all, is just a malware that use some Java 7 features, and require user intervention to install a plugin (applet) from a malicious website.

also the applet doesn't contain a digital signature, so the user will see a pop-up before trying to install it.

in short words you just need to be really unfriendly with computers in order to decide install it by yourself and manually something unknown, leaving your machine vulnerable to others xD

anyway, this is already fixed in Java SE 7u7, so just update

http://www.oracle.com/technetwork/java/ ... index.html

jurchiks · Post by **jurchiks** » Sat Sep 01, 2012 9:51 am

http://arstechnica.com/security/2012/08 ... west-java/
More flaws and and arguably a much more serious bug in Update 7!
I'd think twice before updating.

Post by **UnAfraid** » Wed Sep 26, 2012 7:14 pm

Actually it end up worse now they found vuln since java 5

http://blogs.computerworld.com/malware- ... users-risk

Soo if u didn't disabled java plugin in your browser before now is the time to do it

jurchiks · Post by **jurchiks** » Wed Sep 26, 2012 7:58 pm

Or switch to OpenJDK, maybe they don't have that bug or have fixed it.

Post by **MELERIX** » Wed Sep 26, 2012 8:01 pm

OpenJDK have the same bug xD

anyway you just need to disable plugin from browser temporally (until Java update is released), not whole Java.

it probably will be fixed in next version of Java that will be released in Oct 16, I hope.

jurchiks · Post by **jurchiks** » Wed Sep 26, 2012 8:19 pm

probably... I hope

Yeah...

Post by **MELERIX** » Tue Oct 16, 2012 9:22 pm

issue is fixed in Java SE 7u9, released today (Oct 16)

Update Release Notes: http://www.oracle.com/technetwork/java/ ... 63279.html

Post by **UnAfraid** » Sat Mar 02, 2013 1:28 pm

And here we go again http://blog.fireeye.com/research/2013/0 ... day-2.html (Thanks lion)

Post by **Zoey76** » Sat Mar 02, 2013 2:16 pm

UnAfraid wrote:And here we go again http://blog.fireeye.com/research/2013/0 ... day-2.html (Thanks lion)

Their fixes are starting to look like mine

Post by **MELERIX** » Sat Mar 02, 2013 3:46 pm

Java plugin is turning as Flash Player xD

I guess Update 17 will come soon, probably during march, lol.

Post by **MELERIX** » Tue Mar 05, 2013 1:07 am

issue fixed in Java 7 Update 17: http://www.oracle.com/technetwork/java/ ... index.html

Release Notes: http://www.oracle.com/technetwork/java/ ... 15289.html

Citizen · Post by **Citizen** » Wed Mar 06, 2013 2:07 am

Interesting info

L2J Server

[SOLVED] Java 7 security vulnerabilities.

[SOLVED] Java 7 security vulnerabilities.

Re: Java 7 security vulnerabilities.

Re: Java 7 security vulnerabilities.

Re: Java 7 security vulnerabilities.

Re: Java 7 security vulnerabilities.

Re: Java 7 security vulnerabilities.

Re: Java 7 security vulnerabilities.

Re: Java 7 security vulnerabilities.

Re: [SOLVED] Java 7 security vulnerabilities.

Re: [SOLVED] Java 7 security vulnerabilities.

Re: [SOLVED] Java 7 security vulnerabilities.

Re: [SOLVED] Java 7 security vulnerabilities.

Re: [SOLVED] Java 7 security vulnerabilities.