Tuesday, January 15, 2013

New Java Exploit in the Wild


Last week a vulnerability was discovered in Java 7 that allowed compromised web sites to take control of computers visiting the site with a web browser that has the Java plugin enabled. The vulnerability has been reported as being actively exploited in the wild.

The vulnerability seems to be specific to Java 7, and in particular to the web browser plugin, so grid services do not seem to be vulnerable.

Oracle has released a new version of Java as of Sunday that should fix this vulnerability. Until the update is installed, it is recommended that people disable the Java browser plugin if it's not needed.

Here's an article that has a good list of FAQs about this vulnerability:
https://krebsonsecurity.com/2013/01/what-you-need-to-know-about-the-java-exploit/