Printed from http://www.electronista.com

New Java 7 exploit affects OS X, Windows, Linux users

updated 06:36 pm EDT, Mon August 27, 2012

Lion, Mountain Lion safeguards provide modest defense

A new security exploit in Java 7 is affecting Mac, Windows, and Linux users alike, according to an engineering manager for Metasploit, an open-source penetration testing framework. The vulnerability is described as "super dangerous," since an attack can be triggered simply by visiting a hacked or intentionally malicious website. OS X Lion and Mountain Lion do provide a modest level of protection, since Java isn't installed by default on the operating systems, which also ask users if they want to run the software.

More directly under threat are Leopard and Snow Leopard users, who do have Java preinstalled. With those two platforms Apple also chose to spin off its own Java releases, slowing down the potential response time for new threats. Apple will likely issue patches in the near future.

Java has been the main attack vector against Macs in recent months. Most famously OS X was targeted by the Flashback series of trojans, which were ultimately subdued but at one point had infected over 100,000 systems. Apple faced criticism for being slow to respond, since a vulnerability exploited by the trojans had already been fixed by Oracle months prior.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    This is why I turn Java off in Safari. For those go to sites requiring Java, perhaps consider using a different browser for just that site, and enable Java there.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Don't turn Java off in Safari; just don't install it at all!

  1. dynsight

    Fresh-Faced Recruit

    Joined: 05-07-05

    Hayesk,

    Javascript is a client side scripting language which you can turn off in any browser... but you really shouldn't turn it off since so many sites depend upon it for functionality. There is not much JavaScript can do to harm your computer, at least of late (however, JavaScript within PDF's have been known to do some file copying...)


    JAVA is an object oriented programming language and platform that runs on multiple OS's. You used to run Java applets in websites, but they are rarely used anymore. In order to run Java, you have to install the entire library and framework from Sun/Oracle

    Other than having similar names, they are two different things.

  1. prl99

    Forum Regular

    Joined: 03-24-09

    Java actually is used by many enterprise-level applications so turning it off isn't an option. At least two of my main work applications use it so I'm stuck. Java was created to be platform agnostic, making it the perfect method for infecting every OS. Now we get to see how quickly Oracle fixes it and Apple adds it to software update.

  1. The Vicar

    Junior Member

    Joined: 07-01-09

    Yes, but you obviously don't know much about Java if you don't realize that websites can embed Java applets, and web browsers have the option to not run these applets. That's what Hayesk was talking about. It's in Safari's preferences window under the "Security" section, alongside the Javascript on-off option.

    But it's much, much better just to upgrade to 10.7 and then not install Java at all. Java is turning into a massive security hole these days.

  1. jreades

    Junior Member

    Joined: 02-02-99

    That's a nice idea, but doesn't work so well when you need, say, Processing, MATLAB, or many scientific or enterprise-level apps. The particular weakness being exposed here also emphasises the value of Java when things go well: write once, run anywhere.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Cat B100

Cat is primarily known for its heavy-duty machinery used in the construction industry and farming, among other areas. What may not be ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Sponsor

toggle

Most Commented

 
toggle

Popular News