UPDATE:
Oracle have now released an out of cycle patch which should go some way to alleviating fears surrounding the 0-day vulnerability everyone has known about for some time now.
If you haven’t already gotten rid of Java for good then you need to head over to http://java.com/en/download/index.jsp in order to get the latest version NOW because, as Oracle themselves say…
_____________________________________
As I am sure you are well aware by now the big security story of the week is the zero day vulnerability found in the Java Runtime Environment.
With so much being written and said over the last few days I thought the best way of getting the latest info to you was via the following tweets which you can interact with – you can click on the links to read more and even reply directly from here.
1. Chet Wisniewski from Sophos reports that a Polish security company may have made Oracle aware of this and other vulnerabilities back in April:
Java zero day confirmed in Blackhole exploit kit. Learn how to disable Java in your favourite browser bit.ly/OwP2Ki
— Graham Cluley (@gcluley) August 30, 2012
2. Trevor Pott from The Register tells a personal tale of his hatred for Java:
Sysadmin blog: Why Java would still stink even if it wasn’t security swiss cheese: Nuke it from orbit – it’s the onl… reg.cx/1XPN
— The Register (@regvulture) August 30, 2012
3. Everyones’ favourite at The Register, John Leyden, explains how there are actually two zero-day flaws and offers a timely reminder that it may not just be Windows users who are at risk:
Super-critical Java zero-day exploits TWO bugs: Write Once, Exploit Everywhere. A potent Java security vulnerability… reg.cx/1XPJ
— The Register (@regvulture) August 30, 2012
4. Need protection from the latest Java vulnerability? Lucian Constantin from TechWorld tells you how:
Six ways to protect against the new actively exploited Java vulnerabilitybit.ly/O3u8TU
— Team Cymru (@teamcymru) August 30, 2012
5. Gregg Keizer of MacWorld explains how the zero-day explot has gone mainstream and is now being served up from over 100 unique domains:
Java zero-day exploit goes mainstream, 100sites serve malwarebit.ly/S0PFCH
— Team Cymru (@teamcymru) August 30, 2012
6. Andre’ M. DiMino and Mila Parkour from DeepEndResearch offer up some analysis of the vulnerability:
CVE-2012-4681 Java 7 0-Day vulnerability analysis bit.ly/Ns8ihk
— Team Cymru (@teamcymru) August 30, 2012
7. Lastly, Brian Honan asks the question which I’m sure we all want the answer to : when will Java be patched?
Any update from Oracle if they will be posting an out of band patch for Java 7? Next scheduled CPU is Oct 13 oracle.com/technetwork/to…
— BrianHonan (@BrianHonan) August 30, 2012
Have you got any more news on the Java situation?
About Lee Munson
