• Support
  • Forums
  • Blogs

New year, new Java zeroday! - AlienVault Labs


New Life Form

image New year, new Java zeroday! - AlienVault Labs

AlienVault R&D Labs Portal. Get the latest news from our research.

Read the full story here

Share post:


  • Disabling the "Java Plug-In" is much simpler than what is referenced in the link if you have 7u10 installed.

    - Open the Java control panel
    - Click on the "Security" tab
    - Uncheck the option labeled "Enable Java content in the browser"

    This will prevent any applets or web start apps from running, with the exception of web start apps that have been installed locally.
  • You're right!. Thank you for sharing this tip!
  • Thanks for this !
  • Does this apply to Java 6 update 38 or is it restricted to Java 7?
  • Bromium vSentry would actually protect the machine against this exploit.
  • My bank uses Java for on-line banking access.

    It has advised me that this problem does not apply to Windows (only to Macs). Is that advice correct?
  • @ralphgliding: The screenshot above is from a Windows computer.
  • Jaime - perhaps you can correct me if I am wrong.  But my understanding of this vulnerability is that it is rooted in the permission checking related to the java reflection API.  This is code that would be platform independent, so would affect you regardless of the platform the JVM is running on.
This discussion has been closed.