New Java 7 security exploit is out


RebelNode
Since almost everyone on these forums has Java 7 installed on their machines, I felt like warning you a bit. Yesterday some hackers released a 0-day Java 7 security exploit, which allows them to run any code on your machine. All you have to do is click a link in your internet browser or email client and you're infected. 0-day also means that there's no patch for it yet, so there's no way for you to protect yourself other than to uninstall Java 7 (and thus technicpack) or be extremely cautious until a patch comes out.

I'm not gonna click any links on these forums or the Minecraft forums (2 of the biggest Java 7-using communities on the internet) until a patch comes out, and I suggest you do the same.

Anyway, here's a link with more info. I suggest you don't click it. But how could you resist?

http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html


Don't want to sound like a total idiot here, but how do I check if I have Java enabled for my browser?

I would have expected more from a Viking Hacker. ):

Anyway, for Chrome, here's how it goes. Click the little wrench, settings, show advanced settings, content settings, scroll down to plugins; here, you can "block all" or disable individual plugins. If you took the second option, search for Java in your plugins and simply disable it.

You might want to know you can edit exceptions if there are java scripts you really want to keep.


Eh, unsurprising and uninteresting, considering most every other damn thing that's ever run in a browser has experienced this. Funnily enough, only the browser is supposed to be protected at all in the first place: The main Java program (like if you run a .jar such as Minecraft) has no SecurityManager running and can do anything you can.


No, that's sort of the point of the exploit, to run without any user interaction besides visiting the malicious site.

Yes, I am saying it may still require me to click on the button in Chrome that says "Run this time" or the one that says "Always run on this site", and Windows Defender or whatever might say: "do you want to run this random ".jar" thing that randomly decided to run?"

Think about what happens if said security features are on and you try running Vanilla MC online or not.


People have Java enabled in their browsers? Considering that this is not the first time there was a known exploit, I'd have expected people to be at least a little bit more careful about that sort of thing...

Problem for Tekkit users is the Nuclear Reactor Planner: the links to various reactor designs only work if you have Java enabled on your browser. Of course you can just download the jar for the planner and copy-paste some numbers out of the URL, it's just more annoying to do.

It's pretty hard to get Java to work in Firefox if you have 64-bit Java installed, as it expects the 32-bit version.


But it would require me to click "run this time," assuming it is set to ask.

Perhaps you don't understand the concept of an exploit, as in, no, it won't ask you that, because it's letting the program do something it's not supposed to let it do. Usually by buffer-overrun, chernobyl packet/header, or unchecked constant-value bounds flaws in a program.
