Slashdot Mirror


Apple and Mozilla Block Vulnerable Java Plug-ins

hypnosec writes "Following news that a Java 0-day has been rolled into exploit kits, without any patch to fix the vulnerability, Mozilla and Apple have blocked the latest versions of Java on Firefox and Mac OS X respectively. Mozilla has taken steps to protect its user base from the yet-unpatched vulnerability. Mozilla has added to its Firefox add-on block-list: Java 7 Update 10, Java 7 Update 9, Java 6 Update 38 and Java 6 Update 37. Similar steps have also been taken by Apple; it has updated its anti-malware system to only allow version 1.7.10.19 or higher, thereby automatically blocking the vulnerable version, 1.7.10.18." Here are some ways to disable Java, if you're not sure how.

  1. Re:Why this zero-day? Why Java? by thsths · Score: 5, Insightful

    > Why does this one deserve special treatment?

    Because it is
    * widespread, both in terms of users and in terms of malicious sites
    * serious: remote exploit with none but the initial user interaction
    * arrogant of Oracle not to respond
    * avoidable, because nearly nobody needs Java anyway

    Oracle really dropped the ball here, and they deserve to be kicked.