Saturday, January 12, 2013
Thunderpaw Cyber Security ALERT Serious Java Vulnerability
11 January 2013
Thunderpaw recommends all Internet users immediately disable all Java on their web browsers.
Contact: David Lyle ? david@thunderpaw.com
Recent attacks have been significant and provide critical vulnerabilities to all Internet users.
These vulnerabilities (Java) allow attackers to infect all systems with code which could destroy or steal information without detection. Running anti-virus software does NOT protect against these attacks.
Sun/Oracle has not released a patch yet (1/12/2013), and this vulnerability may effect other versions of Sun/Oracle Java (run by most every system).
Thunderpaw recommends all users IMMEDIATELY disable ALL Java versions on web browsers indefinitely.
We realize this is harsh, but the attacks are indeed that serious.
David Lyle
Senior Cyber Security Analyst
Thunderpaw
For further information:
How to disable java in most browsers including Internet Explorer, Chrome, and Firefox http://www.pcmag.com/article2/0,2817,2414191,00.asp
How to test to see if Java is disabled in your browser: http://java.com/en/download/testjava.jsp
Information Week article on this java vulnerability: http://www.informationweek.com/security/attacks/java-under-attack-again-disable-now/240146082
CERT Vulnerability Notice: Java 7 fails to restrict access to privileged code
update 7pm
Apple blacklists Java on OS X (yes, Apple products are vulnerable too) : http://arstechnica.com/apple/2013/01/apple-blacklists-java-on-os-x-to-prevent-latest-critical-exploits/
?
Update
Android phones do not appear to be vulnerable due to using a different version of Java and API calls. At this point it is only Sun/Oracle version of Java that is affected.
Source: http://www.thunderpaw.com/2013/cyber-security-alert-serious-java-vulnerability
sparkle sacagawea new hope baptist church associated press foster friess new orleans hornets ghost rider spirit of vengeance
No comments:
Post a Comment