Disable Java warning
Page 1 of 2 12 LastLast
Results 1 to 15 of 18

Thread: Disable Java warning

  1. #1
    Join Date
    Apr 2000
    Location
    Friern Barnet, London, England
    Posts
    46,565

    Disable Java warning

    Yet another zero-day exploit

    Read all about it here:

    http://www.theregister.co.uk/2012/08...block_exploit/
    Nick.

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,426
    Thanks for the heads up. I've disabled Java and haven't found any sites I regularly go to that actually need it. I thought a couple of the financial/stock market chart and speed test pages I use did but it seems that they use Flash now.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  3. #3
    Join Date
    May 2001
    Location
    Rosario - Santa Fé - Argentina
    Posts
    599
    I just have disabled Java on Firefox, but how can I disable it in IE 8 ?

  4. #4
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063

  5. #5
    Join Date
    May 2001
    Location
    Rosario - Santa Fé - Argentina
    Posts
    599
    I tried to disable Java in Control Panel and in IE8 Properties. No joy.
    I just had to uninstall it.
    By the way, there is a new version, Version 7 Update 6. Will it have the same vulnerability ?

  6. #6
    Join Date
    May 2001
    Location
    Rosario - Santa Fé - Argentina
    Posts
    599
    Now, how are we going to find out when it is safe to install Java again ?

    (BTW: The forum is quite slow again)

  7. #7
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Not very soon it seems.

    There are some zero-day vulnerabilities in Java that are already being exploited. However, these aren't new bugs: Oracle (NASDAQ:ORCL) has known about them since early April, and doesn't plan to fix them until October.
    http://blogs.computerworld.com/malwa...-oracle-itbwcw

  8. #8
    Join Date
    May 2001
    Location
    Rosario - Santa Fé - Argentina
    Posts
    599
    Thanks for your answer, Train.

  9. #9
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806

  10. #10
    buf's Avatar
    buf is offline Virtual PC Specialist!!!
    Join Date
    Oct 2001
    Location
    Florida USA
    Posts
    4,684
    Thanks for your heads up Nick. I just simply deleted Java. It is (or has been) easy to install in the past.
    Compaq Presario CQ5210F Windows 7 Home Premium 64Bit Athlon II X2 215(2.7GHz) Nvidia GeForce 6150SE 22" Envision LCD Monitor Brother HL2040 Laser Printer 500GB SATA HDD 3GB DDR2 Ram and NVIDIA nForce MCP61 Chipset Motherboard

  11. #11
    Join Date
    May 2001
    Location
    Rosario - Santa Fé - Argentina
    Posts
    599
    Thanks for your links SpywareDr, they are very useful.

  12. #12
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    There is now an update from Java, version 7.0.70.
    http://java.com/en/download/manual.jsp
    I uninstalled the old and installed 7.0.70 and ran the test from ZScaler. It said I was still vulnerable.
    However, a day or so ago, before installing the new update I had disabled Java(tm) Plug-in SSV Helper and Java(tm) Plug-in 2 SSV Helper BHO's, and when I ran ZScaler it said I was still vulnerable.
    So I wonder how meaningful the ZScaler test is.
    Last edited by Welshjim; August 31st, 2012 at 12:12 PM.
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  13. #13
    Join Date
    Jun 2001
    Location
    Albuquerque, NM USA
    Posts
    14,686
    Oracle says version 7.0.70 is not vulnerable to the zero-day exploits, and testers agree.
    http://www.computerworld.com/s/artic...rchers_confirm

    I do not know why there is a small difference in version number, comparing the installed version in my Control Panel (7.0.70) versus Oracle's nomenclature "The full version string for this update release is 1.7.0_07-b10 ".
    Last edited by Welshjim; August 31st, 2012 at 02:49 PM.
    Jim
    WIN7 Ultimate SP1 64bit, IE 11, NTFS,
    cable, MS Security Essentials, Windows 7 firewall

  14. #14
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Only hours after Oracle released its latest Java 7 update to address active exploits, security researchers found yet another vulnerability that can be exploited to run arbitrary code on systems that have the runtime installed.

    http://reviews.cnet.com/8301-13727_7...t-java-update/

  15. #15
    Join Date
    Apr 2005
    Location
    Maryland, USA
    Posts
    17,806
    My understanding is versions 1.7.0_00-000 through 1.7.0_06-FFF are vulnerable to the 0-day exploit.

    And, according to this Zscaler page, the latest version, "1.7.0_07-000", (aka: "Version 7 Update 7", "7u7", "7.0.70", "Java SE 7 Update 07", "Java 7 Update 7"), is not vulnerable.

    Here's a screenshot:

    (Click it for a larger view)

    I do not know (yet) if 7u7 is vulnerable to some other "currently in the wild" vulnerability.
    Last edited by SpywareDr; September 1st, 2012 at 10:14 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •