First Java 0-Day In 2 Years Exploited By Pawn Storm Hackers

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

Re:Disable Java == Broken Websites

[amalcolm]

Java != JavaScript There havn't been many sites with Java Applets for a long while. This was the only use case for the plugun, and it's unrelated to 99.9% of the use of Java 'the langauge' and the JVM

Re:Disable Java == Broken Websites

[_merlin]

Most rack mount servers have an integrated management controller that lets you access the system over a network connection as though you had a local display/keyboard/mouse/storage. The client is usually a Java Web Start application, Java applet or similar. Hence you need Java to administer servers unless you can physically get to the rack and connect stuff to it.