The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    WARNING: Super-critical Java zero-day exploits TWO bugs

    Discussion in 'Linux Compatibility and Software' started by Kyle, Sep 16, 2012.

  1. Kyle

    EDIT: It seems both Java 6 and 7 are affected by this, and patches don't exist yet.
    So I recommend disabling Java JRE altogether for the time being.
    Latest Java sandbox is still vulnerable - The H Security: News and Features
    Apple issues Java update to tackle zero day | ZDNet

    Super-critical Java zero-day exploits TWO bugs • The Register

    Also Researchers Find Critical Vulnerability in Java 7 Patch Hours After Release | PCWorld
     
  2. talin

    Java 6 FTW. I'm so glad I didn't upgrade.
     
  3. davidricardo86

    I use Java 7 mainly because I play Minecraft. I don't usually visit sites I don't trust. Currently I'm not using any type of anti-malware/spyware/virus software (although sometimes I do resort to MSE) and have not had any problems with my computer at all. Since I use SSDs with limited capacity, I keep my sensitive data on external HDDs.

    How would you know when you've been exploited? Do you think Oracle is already working on a patch for these vulnerabilities seeing as they knew about these since April? I would be shocked if they're not.
     
  4. JOSEA

    Thanks DexterMorgan. I did the java version command in term, and I looked at software center (see .png files). If I click on OpenJDK Java 7 Runtime in software center I have the option to install it, so I guess I am OK :confused:
    I am running 12.04 Ubuntu with all important and recommended updates
    Also has anyone else played BlobbyVolley 2 ?
    +1 to DexterMorgan
     

  5. EasyCruz

    Java 6X……7X
    Didn’t use Java too much… But as of 8/28/12, it's gone (deleted).
    All browsers (IE9, Google, Firefox) have Java disabled!
    NOTE: As stated in the 1st post, even the latest Java security patch update for 1.7X is NG!

    Java was once touted as the "write once, run anywhere" language. In theory, a single Java program could run on any Java-supporting platform. That dream never quite came to perfection, though, and these days Java is a favorite attack vector for hackers. The Flashback Trojan breached Macintosh computers via a Java vulnerability, for example. Just recently researchers at FireEye reported a new zero-day vulnerability in Java that's serious enough we should all just disable Java, pending a fix.

    That fix may not be quick in coming. Oracle runs on a strict four-month update cycle, and the next update isn't due until October 16th. FireEye recommends against downgrading to an earlier unaffected Java version, since older versions have their own vulnerabilities. So how do you go about disabling Java?

    Chrome users should start by entering chrome://plugins in the browser's address bar. Scroll down to Java and click the link to disable it. That was easy! The process is similar in Opera. First, enter about:config in the address bar. Click the Java heading to expand that section, un-check the checkbox, and click the Save button.

    Getting Java turned off for Internet Explorer isn't quite so easy. Researchers went through several scenarios that each individually should have handled the task, without success. Fortunately, there's a simple setting that will disable Java for IE and Firefox at once:

    • Open Control Panel and launch the Java applet. If you don't see it, switch to Classic View (in XP) or small icons (in Windows 7 or Vista).
    • Click the Advanced tab and expand the item titled Default Java for browsers.
    • Un-check the boxes for Microsoft Internet Explorer and for Mozilla family. You may need to click the item and press spacebar in order to clear the checkmarks.
    • Click OK and you're done.

    Yes, you'll occasionally run across a website that relies on Java, though current use of Java "is mainly reserved for web based games and online calculators." If necessary, you can temporarily enable Java for those sites. But you may be surprised at how little you miss it.
     
  6. PopLap

    Great, just great, this is not what I need to hear right now. My school uses a UAC client program to allow access to the internet and guess what, it is Java-based, and on top of that it needs to run in a web browser on the account it does not work with 64-bit OSs. Let's hope they figure this thing out fast or I'm going to need to start finding ways to get around it.
     
  8. Kyle

    EDIT: Crap, OpenJDK 7 is also vulnerable

    EDIT: Yes, on my system too, JDK 6 is installed by default, JDK 7 is not installed.

    JDK 6 is not vulnerable to this attack:
    Alien Pastures » OpenJDK 7u6_b30 with IcedTea 2.3.1 fixes 0day exploit

    EDIT: Or maybe it is!!

    Redhat has posted updates (and Ubuntu too, I would guess):
    Red Hat: 2012:1009-01: java-1.7.0-openjdk: Important Advisory - The Community's Center for Security
     
  11. talin

    ^ ^ Thanks for the heads up. For me, since I just boot into a live session with a secure thumb drive I'm not too worried about it.