“A new Java zero-day vulnerability is being exploited in the wild,” Emil Protalinski reports for TNW.
“If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to ‘High’ and attempt to avoid executing malicious applets,” Protalinski reports. “This latest flaw was first discovered by security firm FireEye, which says it has already been used ‘to attack multiple customers.’ The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle’s plugin.”
Protalinski reports, “We recommend that regardless of what browser and operating system you are using, you should uninstall Java if you don’t need it. If you do need it, disable Java in your default browser, use a second browser when Java is required, and set your Java security settings to ‘High’ so that it prompts you before loading an applet.”
Read more in the full article here.
MacDailyNews Note: Safari>Preferences>Security: make sure “Enable Java” is unchecked.
Related articles:
Apple closes Java hack, and why it’s time to switch Java off for good – February 20, 2013
Oracle releases Java 7 Update 15 – February 20, 2013
Hackers’ attacks on Apple, Facebook, 40 other companies said to come from eastern Europe – February 20, 2013
Apple releases Java for OS X 2012-006 and Java for Mac OS X 10.6 Update 13 – February 19, 2013
Some Apple Inc. employees hit by same hackers who targeted Facebook last week – February 19, 2013
Bad Java: Apple blocks Oracle’s latest Java version via OS X anti-malware system – January 31, 2013
Why fixing the Java flaw will take so long – January 16, 2013
How to kill Java dead, dead, dead; this outdated tech must be exterminated – January 15, 2013
Java 7 update 11 security patch fixes nothing; users advised to disable Java – January 14, 2013
Oracle releases Java Version 7 Update 11 – January 14, 2013
Oracle Corp to fix Java security flaw ‘shortly’ – January 12, 2013
Apple blocks OS X Java 7 plug-in as U.S. Department of Homeland Security warns of zero day threat – January 11, 2013
Apple makes OS X even more secure for Mac users by removing Java – October 19, 2012
Apple uninstalls Java applet plug-in from all web browsers – October 17, 2012
New zero-day Java exploit puts 1 billion PCs and Macs running OS X 10.6 or earlier at risk – September 26, 2012
Warning: New Java trojan targets Apple’s OS X along with Windows, Linux – July 11, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Jobs: Having Oracle, not Apple, release timely Java updates better for Mac users – October 22, 2010
Apple deprecates its release of Java for Mac OS X – October 21, 2010