Comments on: New Java Vulnerability Being Exploited in the Wild http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/ Thu, 23 May 2013 13:00:27 +0000 hourly 1 By: Omar Santos http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/#comment-697869 Omar Santos Mon, 14 Jan 2013 13:40:58 +0000 http://blogs.cisco.com/?p=97371#comment-697869 Quick update: Oracle released a software update that fixes this vulnerability. The update is available on their website. If you disabled Java in the Java Control Panel, it will need to be manually re-enable it after installing the patch by using the check box in the Security tab of the Java Control Panel. I have updated the post with the appropriate links.

   1 like

]]> By: Jack Wei http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/#comment-697860 Jack Wei Sun, 13 Jan 2013 06:14:46 +0000 http://blogs.cisco.com/?p=97371#comment-697860 Because a fix is not currently available, users are strongly advised to disable Java and the Java plug-in in web browsers.

   0 likes

]]> By: Chris Shepard http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/#comment-697859 Chris Shepard Sat, 12 Jan 2013 20:20:13 +0000 http://blogs.cisco.com/?p=97371#comment-697859 Glad to see it’s just the web plugin that is vulnerable. I still haven’t found anything that is hitting 1.6 update 36 or 37. Ideally, people should just stop clicking through things that they didn’t ask for. We both know that will never happen.

   1 like

]]> By: Omar Santos http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/#comment-697857 Omar Santos Sat, 12 Jan 2013 20:04:34 +0000 http://blogs.cisco.com/?p=97371#comment-697857 Hi Chris, thank you for your comment! You have a very good point! This vulnerability is limited to JDK7. All other releases of Java are not affected. However, there are other vulnerabilities in those earlier versions of code that can also have serious implications. One additional note is that this vulnerability does not affect Java applications directly installed and running on servers, desktops, laptops, phones, and other devices. It only affects the browser plug-ins. Therefore, this is why many are recommending disabling Java in web browsers.

   1 like

]]> By: Chris Shepard http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/#comment-697856 Chris Shepard Sat, 12 Jan 2013 18:59:52 +0000 http://blogs.cisco.com/?p=97371#comment-697856 Looking through the CVE page it doesn’t appear to affect 1.6.036+. However, all versions of 1.7 are. Can we confirm this? I didn’t update to 1.7 because there were known vulnerabilities in it when it asked me to update but couldn’t find anything in 1.6.035(that I was on at the time). It’s worth looking at if they or people individually could just re-mediate to 1.6.037 and still maintain full functionality of Java.

   1 like

]]>