[SOLVED] Java 7 security vulnerabilities.
Forum rules
READ NOW: L2j Forums Rules of Conduct
READ NOW: L2j Forums Rules of Conduct
- UnAfraid
- L2j Veteran
- Posts: 4199
- Joined: Mon Jul 23, 2007 4:25 pm
- Location: Bulgaria
- Contact:
[SOLVED] Java 7 security vulnerabilities.
There was discovered some java 7 security vulnerability which allows Remote Code Execution exploit i would suggest you to disable temporarily Java 7 plugin in your browser until oracle provide a patch.
Information: http://www.informationweek.com/security ... /240006535
Information: http://www.informationweek.com/security ... /240006535
- MELERIX
- L2j Veteran
- Posts: 6667
- Joined: Sat Sep 23, 2006 11:31 pm
- Location: Chile
- Contact:
Re: Java 7 security vulnerabilities.
the first time that I readed this, I was thinking the exploit works just having Java installed and nothing more.
but no... after read about this in other security websites, and the CVE-2012-4681, I can say that the exploit is not a exploit at all, is just a malware that use some Java 7 features, and require user intervention to install a plugin (applet) from a malicious website.
also the applet doesn't contain a digital signature, so the user will see a pop-up before trying to install it.
in short words you just need to be really unfriendly with computers in order to decide install it by yourself and manually something unknown, leaving your machine vulnerable to others xD
anyway, this is already fixed in Java SE 7u7, so just update
http://www.oracle.com/technetwork/java/ ... index.html
but no... after read about this in other security websites, and the CVE-2012-4681, I can say that the exploit is not a exploit at all, is just a malware that use some Java 7 features, and require user intervention to install a plugin (applet) from a malicious website.
also the applet doesn't contain a digital signature, so the user will see a pop-up before trying to install it.
in short words you just need to be really unfriendly with computers in order to decide install it by yourself and manually something unknown, leaving your machine vulnerable to others xD
anyway, this is already fixed in Java SE 7u7, so just update
http://www.oracle.com/technetwork/java/ ... index.html
- jurchiks
- Posts: 6769
- Joined: Sat Sep 19, 2009 4:16 pm
- Location: Eastern Europe
Re: Java 7 security vulnerabilities.
http://arstechnica.com/security/2012/08 ... west-java/
More flaws and and arguably a much more serious bug in Update 7!
I'd think twice before updating.
More flaws and and arguably a much more serious bug in Update 7!
I'd think twice before updating.
If you have problems, FIRST TRY SOLVING THEM YOURSELF, and if you get errors, TRY TO ANALYZE THEM, and ONLY if you can't help it, THEN ask here.
Otherwise you will never learn anything if all you do is copy-paste!
Discussion breeds innovation.
Otherwise you will never learn anything if all you do is copy-paste!
Discussion breeds innovation.
- UnAfraid
- L2j Veteran
- Posts: 4199
- Joined: Mon Jul 23, 2007 4:25 pm
- Location: Bulgaria
- Contact:
Re: Java 7 security vulnerabilities.
Actually it end up worse now they found vuln since java 5
http://blogs.computerworld.com/malware- ... users-risk
Soo if u didn't disabled java plugin in your browser before now is the time to do it
http://blogs.computerworld.com/malware- ... users-risk
Soo if u didn't disabled java plugin in your browser before now is the time to do it
- jurchiks
- Posts: 6769
- Joined: Sat Sep 19, 2009 4:16 pm
- Location: Eastern Europe
Re: Java 7 security vulnerabilities.
Or switch to OpenJDK, maybe they don't have that bug or have fixed it.
If you have problems, FIRST TRY SOLVING THEM YOURSELF, and if you get errors, TRY TO ANALYZE THEM, and ONLY if you can't help it, THEN ask here.
Otherwise you will never learn anything if all you do is copy-paste!
Discussion breeds innovation.
Otherwise you will never learn anything if all you do is copy-paste!
Discussion breeds innovation.
- MELERIX
- L2j Veteran
- Posts: 6667
- Joined: Sat Sep 23, 2006 11:31 pm
- Location: Chile
- Contact:
Re: Java 7 security vulnerabilities.
OpenJDK have the same bug xD
anyway you just need to disable plugin from browser temporally (until Java update is released), not whole Java.
it probably will be fixed in next version of Java that will be released in Oct 16, I hope.
anyway you just need to disable plugin from browser temporally (until Java update is released), not whole Java.
it probably will be fixed in next version of Java that will be released in Oct 16, I hope.
- jurchiks
- Posts: 6769
- Joined: Sat Sep 19, 2009 4:16 pm
- Location: Eastern Europe
Re: Java 7 security vulnerabilities.
Yeah...probably... I hope
If you have problems, FIRST TRY SOLVING THEM YOURSELF, and if you get errors, TRY TO ANALYZE THEM, and ONLY if you can't help it, THEN ask here.
Otherwise you will never learn anything if all you do is copy-paste!
Discussion breeds innovation.
Otherwise you will never learn anything if all you do is copy-paste!
Discussion breeds innovation.
- MELERIX
- L2j Veteran
- Posts: 6667
- Joined: Sat Sep 23, 2006 11:31 pm
- Location: Chile
- Contact:
Re: Java 7 security vulnerabilities.
issue is fixed in Java SE 7u9, released today (Oct 16)
Update Release Notes: http://www.oracle.com/technetwork/java/ ... 63279.html
Update Release Notes: http://www.oracle.com/technetwork/java/ ... 63279.html
- UnAfraid
- L2j Veteran
- Posts: 4199
- Joined: Mon Jul 23, 2007 4:25 pm
- Location: Bulgaria
- Contact:
Re: [SOLVED] Java 7 security vulnerabilities.
And here we go again http://blog.fireeye.com/research/2013/0 ... day-2.html (Thanks lion)
- Zoey76
- L2j Inner Circle
- Posts: 7005
- Joined: Tue Aug 11, 2009 3:36 am
Re: [SOLVED] Java 7 security vulnerabilities.
Their fixes are starting to look like mineUnAfraid wrote:And here we go again http://blog.fireeye.com/research/2013/0 ... day-2.html (Thanks lion)
Powered by Eclipse 4.30 | Eclipse Temurin 21 | MariaDB 11.3.2 | L2J Server 2.6.3.0 - High Five
Join our Discord!
Join our Discord!
- MELERIX
- L2j Veteran
- Posts: 6667
- Joined: Sat Sep 23, 2006 11:31 pm
- Location: Chile
- Contact:
Re: [SOLVED] Java 7 security vulnerabilities.
Java plugin is turning as Flash Player xD
I guess Update 17 will come soon, probably during march, lol.
I guess Update 17 will come soon, probably during march, lol.
- MELERIX
- L2j Veteran
- Posts: 6667
- Joined: Sat Sep 23, 2006 11:31 pm
- Location: Chile
- Contact:
Re: [SOLVED] Java 7 security vulnerabilities.
issue fixed in Java 7 Update 17: http://www.oracle.com/technetwork/java/ ... index.html
Release Notes: http://www.oracle.com/technetwork/java/ ... 15289.html
Release Notes: http://www.oracle.com/technetwork/java/ ... 15289.html
-
- Posts: 40
- Joined: Fri Mar 16, 2012 1:29 pm
- Location: Belarus
Re: [SOLVED] Java 7 security vulnerabilities.
Interesting info