Java on Windows, Linux and even Mac was vulnerable to a zero-day exploit that was hosted on a malicious domain. See the FireEye post for a more detailed analysis.
Oracle published security updates today, and the current version of Java is now Java 7 Update 7. Oracle is also providing security patches for Java version 6; the current version for that is Java 6 Update 35.
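To check which machines have reached the update levels named above, the following added example (not part of the original post) parses the banner printed by `java -version` and compares it with Java 7 Update 7 and Java 6 Update 35. The host names and banner strings are constructed sample data, and the code assumes the `1.<major>.0_<update>` banner format used by Java 6 and 7.

```python
import re

# Update levels the post names as current: Java 7 Update 7, Java 6 Update 35.
PATCHED_UPDATE = {7: 7, 6: 35}

# Legacy banner printed by `java -version`, e.g.: java version "1.7.0_06"
BANNER = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_banner(text):
    """Return (major, update) from `java -version` output, or None."""
    m = BANNER.search(text)
    if m is None:
        return None
    # A banner with no "_NN" suffix is the initial release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def assess(text):
    """Classify a banner as 'patched', 'below-baseline' or 'unknown'."""
    parsed = parse_banner(text)
    if parsed is None:
        return "unknown"          # Java absent or banner not recognised
    major, update = parsed
    baseline = PATCHED_UPDATE.get(major)
    if baseline is None:
        return "unknown"          # release line the post does not cover
    return "patched" if update >= baseline else "below-baseline"


def audit(inventory):
    """Map host -> status and list the hosts that still need follow-up."""
    status = {host: assess(banner) for host, banner in inventory.items()}
    todo = sorted(h for h, s in status.items() if s != "patched")
    return status, todo


# Constructed sample data: host names and banners are made up for illustration.
SAMPLE = {
    "ws-01": 'java version "1.7.0_06"\nJava(TM) SE Runtime Environment',
    "ws-02": 'java version "1.7.0_07"\nJava(TM) SE Runtime Environment',
    "mac-01": 'java version "1.6.0_35"',
    "lnx-01": 'java version "1.6.0_34"',
    "lnx-02": "sh: java: command not found",
}

if __name__ == "__main__":
    status, todo = audit(SAMPLE)
    for host in sorted(status):
        print(f"{host}: {status[host]}")
    print("follow up:", ", ".join(todo))
```

`java -version` writes its banner to standard error, so capture that stream when collecting banners from real hosts.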
The exploit was already available in crimeware toolkits like Blackhole, and is now in Metasploit. The availability of this zero-day exploit forces a system admin or user to uninstall or disable Java. Security researchers are suggesting turning Java off unless there is a strong use case. Java runs on almost 3 billion devices, including PCs, laptops, smartphones and tablets, so before disabling it, it is very important to understand which components or software use Java.
Because the exploit is hosted on a website, all browsers running on these systems were found to be vulnerable if they had the Java plugin installed, including Chrome, Firefox, Internet Explorer, Opera, and Safari. In the absence of security updates, a user can prevent the attack by disabling the Java plugin in their respective browsers.
For Windows users:
In Mozilla Firefox: Go to the Add-ons Manager. Click on the Java (TM) Platform plugin to select it, then click Disable.
In Google Chrome: Visit the Plug-ins page at chrome://plugins/. Find the Java plug-in and click Disable.
In Internet Explorer: If you use Internet Explorer version 7 or above, open Internet Explorer and select Tools | Manage Add-ons, then skip to Step 2.
If you use an older version of Internet Explorer, open Internet Explorer, select Tools | Internet Options and continue to Step 1.
- 1. From the Internet Options window, click the Programs tab and select Manage Add-ons.
- 2. From the Add-ons window, click once to select (highlight) Java Plug-in, then click the Disable button. Click Close and OK to accept the change.
For Mac users:
In Safari: Go to Safari > Preferences, click “Security” and uncheck “Disable Java”.
In Mozilla Firefox: Go to the Add-ons Manager. Click on the Java (TM) Platform plugin to select it, then click Disable.
In Google Chrome: Visit the Plug-ins page at chrome://plugins/. Find the Java plug-in and click Disable.
For Linux users:
In Google Chrome: Visit the Plug-ins page at chrome://plugins/. Find the Java plug-in and click Disable.
In Mozilla Firefox: Go to the Add-ons Manager. Click on the Java (TM) Platform plugin to select it, then click Disable.
Note: You can easily re-enable Java by following the same steps above, this time selecting the Enable option.