Java exploit in the wild - here we go again...

Sorry, you do not have permission to view pictures!

Advanced search

SNUG

Phun
Chew The Cud
Blow Your Stack

LOUNGE

PC Help
Health and Wellbeing
Our Tate
Devil Among The Tailors

LADIES AND GENTS

Bog Wall
Feedback
Test

THE DOOR

Car Park
The Stables

[Richard]

It's a naughty one - it allows your machine to be forced to run any code the attacker wants, regardless of your browser.

The Windows version is in the wild, but theoretically a different payload on the same exploit could infect Mac or Linux too.

http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html

Until this is patched, I strongly recommend you kill your Java stone dead... it's highly unlikely you need it installed at all, I haven't had it on my machine in a year or more and haven't missed it.

[Baron]

I currently don't have Java installed, and there is only one programme that requires it, and I am buggered if I can remember what it is.....

[crikey]

Got a java update alert tonight - wonder if it's the fix? Have ignored it, for now.

[fairyhedgehog]

Thanks. I've uninstalled Java.

[fairyhedgehog]

And now I've discovered I need Java to run BlogBridge (my blog reader). Is it safe to reinstall it yet?

[Richard]

And now I've discovered I need Java to run BlogBridge (my blog reader). Is it safe to reinstall it yet?

Unless Oracle break their usually-strict patch cycle - they don't normally do that even when they're in deep shit - you're looking at the middle of October 

You may have to resort to reading blogs in your browser like the rest of us?

[fairyhedgehog]

I'm back to using my Google list - which will never unsubscribe from anything and doesn't organise blogs, so it's a chaotic mess. If I miss any of your posts, I apologise in advance!

[Derek]

Java update out now
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

if you must use Java go, & get it
but even better is to uninstall Java & avoid the risks completely

[Derek]

and the newest version of Java released yesterday is alleged to be vulnerable to  a new set of 0 day exploits and poc for them have been issued by the same "security analysts" as had the original releases

[Richard]

No surprises there - Java is insecure by design and always will be... and there's no need for it to be installed at all for 99% of home users.

http://arstechnica.com/security/2012/08/critical-bug-discovered-in-newest-java/

[Langston]

No surprises there - Java is insecure by design and always will be... and there's no need for it to be installed at all for 99% of home users.

http://arstechnica.com/security/2012/08/critical-bug-discovered-in-newest-java/

Not having it really f*cks up OpenOffice, particularly the database.
Do you know of an alternative?

[Richard]

Not having it really f*cks up OpenOffice, particularly the database.
Do you know of an alternative?

Up to date versions of OO and LibreOffice should both work fine without it... I've not discovered anything LibreOffice can't do without it, and when I recently did a fresh install without Java installed I wasn't prompted for it.

[Langston]

The database still requires it (OO 3.4.1). I will look into LibreOffice.

[Casper the Ghost]

Oracle say they have released a patch to fix it now.

[Langston]

Up to date versions of OO and LibreOffice should both work fine without it... I've not discovered anything LibreOffice can't do without it, and when I recently did a fresh install without Java installed I wasn't prompted for it.

I've just installed LibreOffice and that won't run OO databases without Java RTE either.

[Richard]

I've just installed LibreOffice and that won't run OO databases without Java RTE either.

That's odd, because it's working just fine here. 

I wonder if it's because my database began life in Foxpro so it's using a different filter?

[Langston]

That's odd, because it's working just fine here. 

I wonder if it's because my database began life in Foxpro so it's using a different filter?

I have no idea. As soon as I try table view it tells me it requires JRE to perform that action. I'll either have to find a way of converting the information, or put Java back on ( which I'd rather not).

[Casper the Ghost]

Mine auto-updated itself tonight so I assume I am now patched.