Slashdot Mirror


First Java 0-Day In 2 Years Exploited By Pawn Storm Hackers

An anonymous reader writes with Help Net Security's report that a new zero-day vulnerability in Java is being exploited, quoting from which: The flaw was spotted by Trend Micro researchers, who are closely monitoring a targeted attack campaign mounted by the economic and political cyber-espionage operation Pawn Storm. The existence of the flaw was discovered by finding suspicious URLs that hosted the exploit. The exploit allows attackers to execute arbitrary code on target systems with default Java settings. Until a patch is made, disabling Java is the recommended course of action.

1 of 122 comments

  1. Re:Disable Java == Broken Websites by gstoddart · Score: 4, Interesting

    I very much doubt a significant majority of websites use Java. JavaScript, maybe.

    And you know what? If you hit a website which requires you run unsecure shit which allows arbitrary code execution? Maybe you should realize that's a good time to leave it disabled and find another site.

    If you're letting every site on the planet run Java, JavaScript, and Flash ... well, congratulations, you're who they make zero day exploits for.

    I haven't seen a non-work-related website requiring actual Java in years.

    I consider those "please enable cookies and disable all security" warnings as a sure sign of either a badly done website, or one which is so focused on marketing and analytics that I don't give a crap if I can't reach their site.

    It's your security, either you take ownership of it, or you throw your hands up and decide that the world will end if you don't allow some website to run Java. You can't have it both ways.

    --
    Lost at C:>. Found at C.