New Java Zero-Day Exploit Hits

Sue Marquette Poremba

I’ve lost track of how many times I’ve asked security experts about Java’s security problems. I don’t know why I bother anymore because the answer is always the same: Uninstall it from your computer.

However, I suspect most people don’t do that. I know I almost never think about Java until I see a pop-up that tells me that I need Java when I visit a website while using the computer without Java installed, or I get a Java update alert on a computer I rarely use.

If you need another reminder about why you might want to consider uninstalling Java, one arrived in my email today, courtesy of Rapid7, which stated:

A Java zero-day surfaced Sunday night. Currently, there is no patch for this vulnerability and Rapid7 is recommending that users take this vulnerability seriously and completely disable Java until a fix is available.

The Rapid7 alert was followed up by FireEye, which reported:

New Java zero-day vulnerability has been spotted in the wild. We have seen this unpatched exploit being used in limited targeted attacks. Most of the recent Java run-time environments i.e., JRE 1.7x are vulnerable. In my lab environment, I was able to successfully exploit my test machine against latest version of FireFox with JRE version 1.7 update 6 installed.

An infected computer could be used as a drone for a malware botnet, according to ZDNet.

No one knows when Oracle will release a patch for this new vulnerability in Java, which is why Rapid7 suggests disabling Java for the time being (or maybe for good?). But is that a course that IT pros will want to tackle? On the other hand, is it worth the risk to company computers to not disable Java?

Like I said earlier, this new zero-day vulnerability may be the one that triggers a discussion on whether or not Java is worth the hassle and the security risk.


Oct 10, 2012 5:14 AM sarabjeets says:
I really like that you are giving information on core and advance Java concepts. Being enrolled at http://www.wiziq.com/course/1779-core-and-advance-java-concepts I found your information very helpful indeed. Thanks for it.
