Java malware at it again

Euan Williams
Oh dear. A new Java zero-day malware exploit is doing the rounds in fully patched and updated Java installations.

NOTE: this relates to "Java" (the inter-platform programming language now maintained by Oracle, but previously installed by Apple under licence from Sun) and NOT to "JavaScript", which is used on web sites for filling in forms etc.

If you haven't already prevented JAVA from running in your browser after the "Flashback" trojan last year, you should certainly do so today.

info:
http://www.hotforsecurity.com/blog/critical-java-exploit-spreads-like-wildfire-no-fix-available-4997.html

how:
http://nakedsecurity.sophos.com/2012/08/30/how-turn-off-java-browser/

Re: Java malware at it again

Mick Burrell
That first link returns an error - this should work:

Revised Link

Then click the "Read More" button.

Re: Java malware at it again

Euan Williams
Thanks, Mick! **
Apple have already taken action, see this:
http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/

** The story has been relegated to their homepage, just below the Japanese arrest of the "Hacker Cat" (possibly called Jim?).

Re: Java malware at it again

John Surtees
I know this sounds a bit sad, but sorry to say, I haven't a clue what Java does. Can anybody help clarify what its function is?

I have disabled Java in Safari Prefs. What effect am I likely to find when surfing?

I have found 'Java VisualVM' in my Application folder. Should I remove it? What am I going to miss if I do?

Re: Java malware at it again

Mick Burrell
Java is a programming language. Programs can be written in Java and will then run on any platform - but in practice, not many are. Up to Snow Leopard, Apple supplied their own version of Java with the OS but since then, if you have any programmes that need it, you will be offered the chance to install it.

I think I'm right in saying that if you have any programmes that need Java, running them will not open you up to these attacks, it's only if you enable Java in a browser that they can "get in". I'm not aware of any web sites that need Java (as Euan says in his first post, JavaScript is entirely different and not an issue) so turning it off in your browser shouldn't cause you any issues at all - at least, it hasn't for me!

I think Java VisualVM is to help in Java programming. I doubt you need it but I also suspect it's doing no harm where it is. I'd search online to try to find out a bit more about it before deleting it though.

Re: Java malware at it again

Euan Williams
Oracle have announced a fix for this malware:

http://www.macrumors.com/2013/01/14/oracle-updates-java-7-to-address-security-vulnerability/

The discussions that follow remind even non-Java users that it is sensible to update any Java installation they may have on their computer.
 