TechSpot

New zero-day vulnerability in Java being widely exploited

By Jos
Jan 11, 2013
Post New Reply
  1. Yet another zero-day vulnerability in Java has reared its ugly head, and according to security researchers, early indications suggest it is already being 'widely exploited' by malicious sites.

    Read more
     
  2. For the love of God...let Java die already! I've uninstalled it many months ago and have been happy with how much faster my browser works!
     
  3. Okay, we'll just call up java, tell them to let their platform die, although it runs so many different things, not just your web browser, like your phone for instance, no matter if it's iphone or android or anything else for that matter, chances are, it needs java in some form to run.

    Java is pretty much the backbone of so many things we use in our day to day lives, which is why people exploit it and use it for their personal gain, it's not just for web browsing, it has other practical uses.

    also, not to mention how many jobs would be lost at Oracle if they decided to stop using the platform, which is a great employer in my country.

    So no, we can't just let java die, their existence does more for technology than you do.
     
    avoidz likes this.
  4. Per Hansson

    Per Hansson TS Server Guru Posts: 1,933   +126 Staff Member

    Well letting Java die would be a bit over the top.
    But as a platform in your browser I feel that just like Adobe's Flash Oracle's Java has run it's course.

    I have several applications that require Java:
    APC UPS monitoring software
    LSI MegaRAID Storage Manager
    Supermicro IPMIView

    Obviously I can't live without these programs, and they control and or monitor hardware which costs allot of money. Simply getting rid of Java is not the solution here.

    But you know what, I just uninstalled the Java runtime from my machine, and these programs work just fine anyway.
    That's because they bundle Java in their installation directories, now that itself is a real security problem. (Do you ever think they care to upgrade the included Java, and how many Java versions are actually installed on my system, but that's for another discussion)

    Since I uninstalled Java the attack vector is gone, the browser can no longer use Java and therefore in that view Java is no longer running on my machine.
    But my programs that actually depend on Java still runs just fine, so I'm a happy camper :)
     
    H3llion likes this.
  5. TomSEA

    TomSEA TechSpot Chancellor Posts: 2,386   +425

    That's some good info - thanks Per Hansson!
     
  6. Gareis

    Gareis TS Member Posts: 73   +14

  7. Of note: Java and JavaScript (the latter used for web pages) are not the same thing. I'm not sure if the story makes that distinction. If you wish to uninstall Java, you can do it via the "add/remove program" function. Good night and good luck :)
     
  8. This bug only affects Java 7 so you could simply uninstall Java 7 and install the latest update of Java 6 from https://www.java.com/en/download/manual_v6.jsp

    I have to use Java 6 because one of my employer's software programs doesn't yet support Java 7.
     
  9. Camikazi

    Camikazi TS Enthusiast Posts: 370   +70

    I do believe that the last Zero Day bug found in Java affected Java 5, 6 and 7 and has not been fixed yet so you're not safe yet.
     
  10. avoidz

    avoidz TS Maniac Posts: 454   +54

    With so many applications using Flash and Java in the tech world, I don't see either going away anytime soon. Despite all the villagers with pitchforks around here.
     
  11. Per Hansson

    Per Hansson TS Server Guru Posts: 1,933   +126 Staff Member

    Continuing my post above apparently Java now has a feature where you in their control panel can disable browser support.
    Very good addition!
    So if you like me depend on allot of programs that require Java, but unlike my examples they don't bundle Java in their installation directories. Then this new button is for you :) http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html#disable
    Source and further reading: https://isc.sans.edu/diary/Java is still exploitable and is likely going to remain so./14899
    https://isc.sans.edu/diary/Java 0-day impact to Java 6 and beyond /14917
     
    Matthew and havok585 like this.
     
  12. Darth Shiv

    Darth Shiv TS Evangelist Posts: 1,184   +177

    Yes this is the absolute best case for me going forward... most likely scenario is complete java removal unless some 3rd party software requires it and even then, will be targeting hardware that does not have java based support software if possible.
     
  13. learninmypc

    learninmypc TS Evangelist Posts: 5,447   +242

  14. Per Hansson

    Per Hansson TS Server Guru Posts: 1,933   +126 Staff Member

  15. Oracle not interesting this bug, just infected java installer downloadable from link and install millions, Oracle says not our problem, thats your problem, why installed, nobody told you must.
    Shame on Oracle, let allow virus infected Java download.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.