Latest Java zero-day exploit renews calls to disable it

ronjor · Nov 28, 2012

By Antone Gonsalves | CSO

A zero-day Java exploit found for sale in the criminal underground has renewed calls to disable the cross-platform runtime environment in Web browsers.

The latest exploit of a vulnerability not yet publicly known was reported on Tuesday by Brian Krebs, author of the KrebsonSecurity blog. An established member of the Underweb forum, an invitation-only site, was selling the exploit for Java JRE 7 Update 9, the latest version of the platform. The expected price was in the "five digits."
Click to expand...

https://www.infoworld.com/d/security/latest-java-zero-day-exploit-renews-calls-disable-it-207950

Rmus · Nov 28, 2012

In discussing preventative measures for those who need Java installed, this is included:

Another option is to configure a client firewall to block a browser's Java plug-in from accessing the Internet, unless the destination site is on a whitelist.
Click to expand...

The firewall rule is an added layer of protection to the other preventative measures mentioned.

This also applies to the PDF Reader. In both cases, exploits can use the application to call out to the internet:

----
rich

siljaline · Nov 28, 2012

Do you need Java ? (H/T) @ Corrine

Log in or Sign up

Latest Java zero-day exploit renews calls to disable it

ronjor Global Moderator

Rmus Exploit Analyst

siljaline Registered Member

Log in or Sign up

Latest Java zero-day exploit renews calls to disable it

ronjor Global Moderator

Rmus Exploit Analyst

siljaline Registered Member

Useful Searches