• Support
  • Forums
  • Blogs

New Release!

AlienVault v5.1.1 is now available for OSSIM and USM. Learn more

Update!

Check out the new Open Threat Exchange (OTX) - with social sharing of threat data. Sign up today

New year, new Java zeroday! - AlienVault Labs

edited January 2013 in AlienVault Labs

image New year, new Java zeroday! - AlienVault Labs

AlienVault R&D Labs Portal. Get the latest news from our research.

Read the full story here


Comments

  • Disabling the "Java Plug-In" is much simpler than what is referenced in the link if you have 7u10 installed.

    - Open the Java control panel
    - Click on the "Security" tab
    - Uncheck the option labeled "Enable Java content in the browser"

    This will prevent any applets or web start apps from running, with the exception of web start apps that have been installed locally.
  • You're right!. Thank you for sharing this tip!
  • Thanks for this !
  • Does this apply to Java 6 update 38 or is it restricted to Java 7?
  • Bromium vSentry would actually protect the machine against this exploit.
  • My bank uses Java for on-line banking access.

    It has advised me that this problem does not apply to Windows (only to Macs). Is that advice correct?
  • @ralphgliding: The screenshot above is from a Windows computer.
  • Jaime - perhaps you can correct me if I am wrong.  But my understanding of this vulnerability is that it is rooted in the permission checking related to the java reflection API.  This is code that would be platform independent, so would affect you regardless of the platform the JVM is running on.
This discussion has been closed.