New Java 7 exploit allows hackers to install malware on Windows, Mac OS X, and Linux; only fix currently is to disable Java.
Read about it here :-
http://dottech.org/windows/77807/new-java-7-exploit-allows-hackers-to-install-malware-on-windows-mac-os-x-and-linux-only-fix-currently-is-to-disable-java/
Went to disable it in Firefox but it was already disabled since the 14th of August for what I assume is another exploit? Gotta love Firefox notifying me and disabling bad shit.
Good work, coffeegrinder!
How to disable Java by browser:
http://blog.markloiseau.com/2012/03/psa-disable-java-in-your-browser/
How to disable Java in your Mac Web Browser:
http://www.maclife.com/article/howtos/how_disable_java_your_mac_web_browser
I do expect Oracle will come up with an emergency fix before their planned October update.
bump
Interesting, I check my Plugins in Firefox 15.0 and my version of Java is 6 and it says there is no update available. It says JAVA(TM) Platform SE 6 U33 6.0.330.3. I don't think that is the JAVA plugin I should be concerned with?
Mine's been disabled since July....
Thanks
Okay, I just went and disable Java. Thank you
It appears you are OK (more or less) if you've not updated Java to 7 - my browsers are still at 6.x. As long as Java's not set to auto-update should be safe.
I didn't even realize I didn't have Java.
I have Java Deployment Toolkit 6.02.200.2 enabled
Platform SE 6 U20 6.2.00.2 is disabled
And you're deploying just what, and where?
Two words for Firefox users
No Script!
It is the best addon, it disables flash and java, and allows you to train it and set up exactly what sites you allow through and what sites you don't, once you train it, which can be time consuming, it's awesome.
-Æ
I love NoScript, too, but it's not for the casual user (e.g., my wife - it only serves to frustrate the begeezus out of her) or the faint of computer.
It is now being reported that a tech security firm alerted Oracle about the vulnerability four months ago.
source: http://dottech.org/tech-news/77910/oracle-knew-about-critical-java-vulnerabilities-four-months-prior-to-attack-says-security-firm/