Salmoneus Posted November 29, 2012

A zero-day Java exploit found for sale in the criminal underground has renewed calls to disable the cross-platform runtime environment in Web browsers. The latest exploit of a vulnerability not yet publicly known was reported on Tuesday by Brian Krebs, author of the KrebsonSecurity blog. An established member of the Underweb forum, an invitation-only site, was selling the exploit for Java JRE 7 Update 9, the latest version of the platform. The expected price was in the "five digits."

Source: https://www.infoworl...sable-it-207950

wartoc Posted November 29, 2012

> A zero-day Java exploit found for sale in the criminal underground has renewed calls to disable the cross-platform runtime environment in Web browsers. The latest exploit of a vulnerability not yet publicly known was reported on Tuesday by Brian Krebs, author of the KrebsonSecurity blog. An established member of the Underweb forum, an invitation-only site, was selling the exploit for Java JRE 7 Update 9, the latest version of the platform. The expected price was in the "five digits."
>
> Source: https://www.infoworl...sable-it-207950

GAH! :bann: :(

Amber Pyre Posted November 29, 2012

Oh, another Java hole. Nothing's happened to me with any of these, don't see why I should care.

Leo Posted November 29, 2012

So I don't suppose there are any versions of Java immune to this?

Salmoneus (Author) Posted November 29, 2012

> Oh, another Java hole. Nothing's happened to me with any of these, don't see why I should care.

Java can do a lot of damage to your system, so if you have it installed, it's a good idea to keep up on stuff like this. This particular vulnerability is selling for tens of thousands of USD, so you can bet that it breaks out of the sandbox and can cause some major harm when executed. In a short time, you can also expect it to be included in a Java exploit toolkit, just waiting for an unpatched system to stumble upon it (or be redirected) and get infected with some really nasty payload. :(

And actually, this particular exploit appears to allow remote access to a system. Nasty stuff. That's why I post these Java vulnerability articles here - because you need Java to play RuneScape, and we should all do what we can to keep our systems secure and patched.

> So I don't suppose there are any versions of Java immune to this?

The seller of the 'sploit claims that it doesn't work on JRE < 7. So rolling back to the latest Java 6 may be an option if you really need Java. :)

Leo Posted November 29, 2012

> The seller of the 'sploit claim that it doesn't work on JRE < 7. So rolling back to the latest Java 6 may be an option if you really need Java. :)

Looks like I have 6U37 so hopefully I should be fine.

Amber Pyre Posted November 29, 2012 (edited)

> > Oh, another Java hole. Nothing's happened to me with any of these, don't see why I should care.
>
> Java can do a lot of damage to your system, so if you have it installed, it's a good idea to keep up on stuff like this. This particular vulnerability is selling for tens of thousands of USD, so you can bet that it breaks out of the sandbox and can cause some major harm when executed. In a short time, you can also expect it to be included in a Java exploit toolkit, just waiting for an unpatched system to stumble upon it (or be redirected) and get infected with some really nasty payload. :(
>
> And actually, this particular exploit appears to allow remote access to a system. Nasty stuff. That's why I post these Java vulnerability articles here - because you need Java to play RuneScape, and we should all do what we can to keep our systems secure and patched.
>
> > So I don't suppose there are any versions of Java immune to this?
>
> The seller of the 'sploit claim that it doesn't work on JRE < 7. So rolling back to the latest Java 6 may be an option if you really need Java. :)

Is it wrong that I feel the need to brag about being quoted by you now? And I don't even remember when I updated Java. Must be under version 7.

Edited November 29, 2012 by Amber Pyrilmas

Fox Totem Posted November 30, 2012 (edited)

I went back to the java 6 because I only have java for Runescape. I have java disabled in the web browsers that I use. I only use the rs windows client to play rs. They put java in the client about a year ago. So I do not know how threatened my pc is by this latest news about java. I hope it will be all right.

edit - tyvm for posting this. (and the previous ones)

Edited November 30, 2012 by Gantowisa

O hai im KAMIL Posted November 30, 2012 (edited)

Thanks for this, disabled Java as I don't play RS and probably don't need it.

Edit: Should it be Java/script that is disabled on my browser, or uninstall Java entirely?

Edited November 30, 2012 by O hai im KAMIL

Micael Fatia Posted November 30, 2012 (edited)

I don't think my browser (I use IE) has Java enabled but I honestly have no idea how to check. :s Thanks for posting this, it's good to be informed about this sort of stuff.

Edit: Nvm figured out how to check if I had Java enabled, and disabled it.

Edit2: Oh apparently I have Java 6, at least according to the Java folder readme lol. >.<

Edited November 30, 2012 by Micael Fatia

Salmoneus (Author) Posted November 30, 2012

> Thanks for this, disabled Java as I don't play RS and probably don't need it.
>
> Edit: Should it be Java/script that is disabled on my browser, or uninstall Java entirely?

Javascript is ok in this case, it's Java which is the problem. :) Here's a guide on Turning off Java in IE, Firefox, Chrome, Opera and Safari, if you don't need it for anything.