New Java Zero-Day Exploit Hits

Sue Marquette Poremba

I’ve lost track of how many times I’ve asked security experts about Java’s security problems. I don’t know why I bother anymore because the answer is always the same: Uninstall it from your computer.

However, I suspect most people don’t do that. I know I almost never think about Java until I see a pop-up that tells me that I need Java when I visit a website while using the computer without Java installed, or I get a Java update alert on a computer I rarely use.

If you need another reminder about why you might want to consider uninstalling Java, one arrived in my email today, courtesy of Rapid7, which stated:

A Java zero-day surfaced Sunday night. Currently, there is no patch for this vulnerability and Rapid7 is recommending that users take this vulnerability seriously and completely disable Java until a fix is available.

The Rapid7 alert was followed up by FireEye, which reported:

New Java zero-day vulnerability has been spotted in the wild. We have seen this unpatched exploit being used in limited targeted attacks. Most of the recent Java run-time environments i.e., JRE 1.7x are vulnerable. In my lab environment, I was able to successfully exploit my test machine against latest version of FireFox with JRE version 1.7 update 6 installed.

An infected computer could be used as a drone for a malware botnet, according to ZDNet.

No one knows when Oracle will release a patch for this new vulnerability in Java, which is why Rapid7 suggests disabling Java for the time being (or maybe for good?). But is that a course that IT pros will want to tackle? On the other hand, is it worth the risk to company computers to not disable Java?

Like I said earlier, this new zero-day vulnerability may be the one that triggers a discussion on whether or not Java is worth the hassle and the security risk.



Oct 10, 2012 5:14 AM sarabjeets says:
I really like that you are giving information on core and advance java concepts. Being enrolled at http://www.wiziq.com/course/1779-core-and-advance-java-concepts I found your information very helpful indeed. Thanks for it.
