Java 7 security exploit in the wild: edit - now patched
-
- 3StarLounger
- Posts: 361
- Joined: 24 Jan 2010, 14:24
- Location: Buckinghamshire, England
Java 7 security exploit in the wild: edit - now patched
It has been reported in the last couple of days that there is a zero-day exploit for Java 7 that could allow execution of arbitrary code. The zero-day exploit is only reported to affect Java 7, so until Java 7 is patched a workaround is to uninstall Java 7 and install Java 6 instead.
http://secunia.com/advisories/50133/" onclick="window.open(this.href);return false;
http://www.theregister.co.uk/2012/08/27 ... k_exploit/" onclick="window.open(this.href);return false;
http://www.deependresearch.org/2012/08/ ... ation.html" onclick="window.open(this.href);return false;
Java 6 update 34 can be downloaded from http://www.oracle.com/technetwork/java/ ... 37595.html" onclick="window.open(this.href);return false;
If you install Java 6, you may want to consider turning off automatic updates as well, for details on how to do that see http://kb.mozillazine.org/Java#On_Windows" onclick="window.open(this.href);return false;
Java 6 is being supported until November 2012, but hopefully Java 7 will have been patched by then...
http://secunia.com/advisories/50133/" onclick="window.open(this.href);return false;
http://www.theregister.co.uk/2012/08/27 ... k_exploit/" onclick="window.open(this.href);return false;
http://www.deependresearch.org/2012/08/ ... ation.html" onclick="window.open(this.href);return false;
Java 6 update 34 can be downloaded from http://www.oracle.com/technetwork/java/ ... 37595.html" onclick="window.open(this.href);return false;
If you install Java 6, you may want to consider turning off automatic updates as well, for details on how to do that see http://kb.mozillazine.org/Java#On_Windows" onclick="window.open(this.href);return false;
Java 6 is being supported until November 2012, but hopefully Java 7 will have been patched by then...
Last edited by TonyE on 30 Aug 2012, 18:31, edited 1 time in total.
Tony
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- 4StarLounger
- Posts: 536
- Joined: 05 Feb 2010, 23:23
- Location: Whitehaven Cumbria UK
Re: Java 7 security exploit in the wild
Thank you! Have uninstalled JRE 7.5 and installed JRE 6.34 as suggested, and also turned off automatic updates. I note, however, that all the referred websites indicate that it is not advisable to 'regress' to earlier (pre 7) versions as this could lead to other vulnerabilities that JRE 7 'fixed'. Is this a case of 'damned if you do, damned if you don't'? I'm assuming that reverting to JRE6.34 is the lesser of two evils ?
Regards,
Regards,
Regards,
Keith
Keith
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Java 7 security exploit in the wild
For the moment, yes, reverting is the lesser of two evils. Hopefully the vulnerabilities in JRE 7 will be patched soon.
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2062
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Java 7 security exploit in the wild
Thanks for this info.
I have both Java 6 & 7 latest versions on pc and have been leaving Java 6 'off' in the Java Control Panel. I have now 'swapped these and Java 7 is off. Is this a satisfactory method of control until 7 is fixed?
Ron
I have both Java 6 & 7 latest versions on pc and have been leaving Java 6 'off' in the Java Control Panel. I have now 'swapped these and Java 7 is off. Is this a satisfactory method of control until 7 is fixed?
Ron
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- SilverLounger
- Posts: 2062
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Java 7 security exploit in the wild
Thanks Hans ... just for now I have deselected both versions in the Java Control Panel.
Under the Java/Security tab I have found these three listings of 'Trusted Sites'. I don't really know what these mean but I can't recall 'agreeing' these ...do you think I should Remove them just for now?
Under the Java/Security tab I have found these three listings of 'Trusted Sites'. I don't really know what these mean but I can't recall 'agreeing' these ...do you think I should Remove them just for now?
You do not have the required permissions to view the files attached to this post.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- 3StarLounger
- Posts: 361
- Joined: 24 Jan 2010, 14:24
- Location: Buckinghamshire, England
Re: Java 7 security exploit in the wild
Oracale have released Java 7 Update 7 to fix the security issues.
http://www.kb.cert.org/vuls/id/636312" onclick="window.open(this.href);return false;
Java 7 Update 7 available from http://www.oracle.com/technetwork/java/ ... 36441.html" onclick="window.open(this.href);return false; or http://www.java.com/" onclick="window.open(this.href);return false;
They have also released Java 6 update 35 - http://www.oracle.com/technetwork/java/ ... 36473.html" onclick="window.open(this.href);return false;
http://www.kb.cert.org/vuls/id/636312" onclick="window.open(this.href);return false;
Java 7 Update 7 available from http://www.oracle.com/technetwork/java/ ... 36441.html" onclick="window.open(this.href);return false; or http://www.java.com/" onclick="window.open(this.href);return false;
They have also released Java 6 update 35 - http://www.oracle.com/technetwork/java/ ... 36473.html" onclick="window.open(this.href);return false;
Tony
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Java 7 security exploit in the wild
Hi Ron,RonH wrote:Under the Java/Security tab I have found these three listings of 'Trusted Sites'.
I wouldn't remove those - Secunia PSI and your online banking would simply redownload these digital certificates next time you use them.
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2062
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Java 7 security exploit in the wild: edit - now patched
Java 7/7 installed on my Windows 7, thanks. I note that when I uninstall any Java from Control Panel/Programs and install the latest Update, previous versions (Updates 5 & 6) still remain in the Sun/Java Control Panel (LocalLow/Sun/Java folder). Is this correct?
Can I delete any Java programmes in Control Panel/Programs AND completely delete the entire Sun/Java folder that is in LocalLow and then do a complete reinstall to clean up all files and start afresh?
HELP PLEASE. I have just installed this Update 7 on our other Vista pc and it shows in the Control Panel ... but its not working. I have searched for the Java Control Panel to turn on Java (it was still turned off from yesterday when I did the 7/7 Update) but I can't locate it even in the Vista Control Panel How can I locate and turn Java on? Also this pc in LocalLow/Java folder shows Updates 4/5 and7 but no Update6 ... this was never installed. As with the Windows7 pc, only Update 7 shows in Control Panel/Programs.
Can I delete any Java programmes in Control Panel/Programs AND completely delete the entire Sun/Java folder that is in LocalLow and then do a complete reinstall to clean up all files and start afresh?
HELP PLEASE. I have just installed this Update 7 on our other Vista pc and it shows in the Control Panel ... but its not working. I have searched for the Java Control Panel to turn on Java (it was still turned off from yesterday when I did the 7/7 Update) but I can't locate it even in the Vista Control Panel How can I locate and turn Java on? Also this pc in LocalLow/Java folder shows Updates 4/5 and7 but no Update6 ... this was never installed. As with the Windows7 pc, only Update 7 shows in Control Panel/Programs.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Java 7 security exploit in the wild: edit - now patched
1) Yes, after uninstalling Java, you can safely remove any remaining folders/files.
2) I'd try uninstalling/reinstalling on the PC where Java doesn't work.
2) I'd try uninstalling/reinstalling on the PC where Java doesn't work.
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2062
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Java 7 security exploit in the wild: edit - now patched
Thanks Hans ... sorted on both pc's. Reinstalling also got rid of past files eg Update 5, 6 etc so now just Update 7 appears in the LocalLow/Java.
What would I do without you
What would I do without you
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Java 7 security exploit in the wild: edit - now patched
But how about your online banking? Does that work with the new version?
Best wishes,
Hans
Hans
-
- SilverLounger
- Posts: 2062
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Java 7 security exploit in the wild: edit - now patched
Yes Hans ... funny though that at Update 6 it stopped working again. I contacted bank, saw that their web page was 'off line' this morning (ahha I thought!) and after I had reinstalled Java again I went back to the bank and web page/loggin all OKHansV wrote:But how about your online banking? Does that work with the new version?
Makes one think yet again ... why do they insist on using Java. Another bank I use does not need Java for netbanking.
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- SilverLounger
- Posts: 2062
- Joined: 02 Mar 2010, 16:53
- Location: An Aussie in Norway
Re: Java 7 security exploit in the wild: edit - now patched
Running Internet Explorer? ... this may be of interest.
http://www.kb.cert.org/vuls/id/636312
http://www.kb.cert.org/vuls/id/636312
CYa Ron
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
W11 pc, Android toys.
The only reason we have the 4th dimension of Time is so that everything does not happen at once.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Java 7 security exploit in the wild: edit - now patched
That's the same web page TonyE pointed to yesterday, higher up in this thread. It mentions in passing that "This issue is addressed in Java 7 Update 7".
Best wishes,
Hans
Hans
-
- StarLounger
- Posts: 78
- Joined: 18 Feb 2010, 01:44
Re: Java 7 security exploit in the wild: edit - now patched
And now the patch needs a patch...
http://www.pcworld.com/article/261788/r ... #tk.hp_new
I've had Java removed (uninstalled) for a couple of months - can't tell the difference.
http://www.pcworld.com/article/261788/r ... #tk.hp_new
I've had Java removed (uninstalled) for a couple of months - can't tell the difference.
-
- Administrator
- Posts: 78631
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Java 7 security exploit in the wild: edit - now patched
Thanks, Jim - at least this new one is not out in the wild yet...
Best wishes,
Hans
Hans
-
- 4StarLounger
- Posts: 536
- Joined: 05 Feb 2010, 23:23
- Location: Whitehaven Cumbria UK
Re: Java 7 security exploit in the wild: edit - now patched
Having (yet again!) uninstalled JRE 7.7 and re-installed JRE 6.34 (seems the safest thing to do for the time being), I'm now being 'pestered' by requests to download JRE 7.7, even though I've unticked the 'check for updates automatically' and have also ticked the 'never auto download' (see screenshots). I note that when I go back into the Java Control Panel the 'check for updates automatically' box has somehow been re-ticked. I'd rather not go with JRE 7.7 until things settle down a bit (unless someone here recommends otherwise) So, is there any way that I can stop the Java requests to download JRE 7.7 please?
You do not have the required permissions to view the files attached to this post.
Regards,
Keith
Keith