A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.
The vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, Atif Mushtaq of security firm FireEye reported on Sunday, while PCs with Java versions 1.6 or earlier installed are not at risk.
The vulnerability allows attackers to use a custom web page to force systems to download and run an arbitrary payload – for example, a keylogger or some other type of malware. The payload does not need to be a Java app itself.
In case you don't know how to disable it
In Firefox: Press Firefox button -> Add-ons, go to Plugins and click the "Disable" button next to anything named "Java".
In Chrome: Type in: "chrome://plugins/" into the address bar (no speech marks). Scroll down to Java and click disable.
In Opera: Type in "opera:plugins" into the address bar (no speech marks). Scroll down to:
Java(TM) Platform <click on> Disable.
Java Deployment Toolkit <click on> Disable.
In Internet Explorer:
Disable UAC (if enabled) and restart.
Open the Java app in Control Panel.
Go to advanced tab.
Expand Default Java for browsers.
The checkbox next to IE is grayed out. Select Microsoft Internet Explorer and press spacebar so it is unchecked (no tick). Click OK.
You can re-enable UAC and restart now.
Thought you guys might want to know about this if you haven't heard from somewhere else. The whole article can be read here http://www.theregister.co.uk/2012/08/27/disable_java_to_block_exploit/