Java Exploit

Came across this, thought I would post it here to let people know. Not entirely sure how legit it is, but no harm in posting it.

All operating systems at risk from Java exploit:
http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/

Disable Java in Google Chrome:
http://techlogon.com/2011/11/07/how-to-disable-java-in-google-chrome/
Disable Java in Internet Explorer:
http://techlogon.com/2011/11/05/how-to-disable-java-in-ie/
Disable Java in Safari:
http://antivirus.about.com/od/securitytips/ht/Disable-Java-In-Safari.htm
Disable Java in Firefox:
http://antivirus.about.com/od/securitytips/ht/How-To-Disable-Java-In-Firefox.htm
If you use a different web browser, just Google it.

I’ve had Java disabled in Firefox for a very, very long time. Firefox has actually had it flagged as a security vulnerability for quite some time.

Yeah, I don’t have it for Chrome either. There’s a setting in Chrome which allows you to click to enable plugins. I use this for two reasons: annoying Flash ads are blocked, and security reasons like this.

If you are using Safari you can just:

  1. Open Safari
  2. Click on Safari on the bar above
  3. Click on Preferences
  4. Click on Security
  5. Click Enable Java until the box is unchecked

The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.

In the form in which it was discovered, the exploit only works on Windows machines, because the payload that it downloads is a Windows executable. But the hackers behind the Metasploit penetration testing software say they have studied the exploit and found that it could just as easily be used to attack machines running Linux or Mac OS X, given the appropriate payload.

Exploiting Java, Through Java, Without Java.
Seems legit. I asked my computer science teacher and my high school’s server manager about this. Basically it’s bullshit.

Not necessarily. Considering I’m seeing articles like this leads me to believe it’s not.

Basically be safe, who cares if it’s true or not. Be safe.

Your teacher probably doesn’t actually understand it. I’m pretty sure it’s legit.

After seeing that second one you posted I can see how it’s real.

According to Symantec: "The vulnerability consists of a privilege escalation due to a class that allows access to protected members of system classes, which should not be accessible. Because of this, malicious code can bypass the restrictions imposed by the sandbox and use the 'getRuntime().exec()' function."

Thanks for the info guys, just disabled Java in Chrome. Good thing I was told this now!