New Java vulnerability is being exploited in the wild; disable the plugin or change your security settings

“A new Java zero-day vulnerability is being exploited in the wild,” Emil Protalinski reports for TNW.

“If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to ‘High’ and attempt to avoid executing malicious applets,” Protalinski reports. “This latest flaw was first discovered by security firm FireEye, which says it has already been used ‘to attack multiple customers.’ The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle’s plugin.”

Protalinski reports, “We recommend that regardless of what browser and operating system you are using, you should uninstall Java if you don’t need it. If you do need it, disable Java in your default browser, use a second browser when Java is required, and set your Java security settings to ‘High’ so that it prompts you before loading an applet.”

MacDailyNews Note: Safari>Preferences>Security: make sure “Enable Java” is unchecked.

14 Comments

    1. What you say makes no sense. It is bad to run Java and good to run JavaScript? The question isn’t about the language and there are plenty of JavaScript vulnerabilities. How about disabling JavaScript and shutting down the whole internet?

      Programming languages are not religious wars. Depending on what you are trying to do, each language has its uses. Vulnerabilities are part of ALL languages.

  1. I’ve been covering the gory details of both Java HELL and Adobe HELL at my Mac-Security blog. You can get to its link by clicking on my avatar icon.

    I wrote a record 11 security articles in February. This is easily the worst time ever for Mac security, and ALL of it is due to crapcode in third party apps, specifically Oracle crap and Adobe crap.

    As MDN indicates:
    Just Turn Java Off
    AND
    Just Turn Flash Off
    AND
    Just Turn Adobe Reader Off
    AND
    Just Turn Adobe AIR Off
    AND
    Just Turn Adobe Shockwave Off
    AND
    Don’t Use Adobe Acrobat. Use one of the plethora of alternatives to make your PDFs.

    Summary: A very hearty FSCK -U to Oracle and Adobe. I hate you both.

    1. @Derek Currie
      And a mighty helpful and informative website it is indeed. I’ve been checking in there from time to time over the past year and I thank you for your work on a tedious project.

      And I totally agree with your Summary, adding Google as evil and Microsoft as simply bloated to the list of companies whose software I refuse to use.

    2. The problem is not Java, it is Oracle. That’s where the problem lies, and don’t get me started on Adobe. I wish both companies go away and Java survives but taken over by a company more capable.

    3. Might be fine if you do your own IT, but if where you work (about 2000 employees, 40000 “clients”, 10 “branches”, one OS) specifies IE, Office, Adobe, and Java in the standard operating environment, you are an outlier if you choose not to use any of them and not supported.

  2. (In the Adobe removal instructions) Why would they have you search for the applet in Applications for something that is really in /Library? Do the “MORE TECHNICAL INFORMATION” part of the instructions.
