Comments on: Java SE 7u7 Update Resolves Recent Security Issue http://osxdaily.com/2012/08/30/java-se-7u7-update-fixes-security-issue/ News, tips, software, reviews, and more for Mac OS X, iPhone, iPad Wed, 22 May 2013 19:52:33 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: Derek Currie http://osxdaily.com/2012/08/30/java-se-7u7-update-fixes-security-issue/#comment-422705 Derek Currie Sat, 01 Sep 2012 07:17:19 +0000 http://osxdaily.com/?p=32902#comment-422705 --> Because a NEW zero-day security hole has been discovered, there is now NO SAFE VERSION of JAVA available that I know of. That is likely to include Java "6", v1.6 Update 35, although verification is required. Therefore, either TURN IT OFF or uninstall it, if you bothered to install it at all. It can be turned off via the Java Preferences app found in your Utilities folder. UNcheck it under the 'General' tab. Here is another article about the subject: http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/ To quote: "Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday.... "Security Explorations founder and CEO Adam Gowdiak was able to confirm that the defect does affect Java SE 7 Update 7, which Oracle released this week as a rare out-of-band patch.... "As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems. "Unlike the earlier vulnerabilities, no known exploit of the new flaw has yet been found in the wild, but Gowdiak says he included proof-of-concept code with the report to demonstrate that an exploit is indeed possible.... "For the time being, given the apparent similarity of this flaw to the ones previously reported, users are advised to either disable Java in their browsers or uninstall it completely to avoid falling prey to any future exploits." –> Because a NEW zero-day security hole has been discovered, there is now NO SAFE VERSION of JAVA available that I know of. That is likely to include Java “6″, v1.6 Update 35, although verification is required. Therefore, either TURN IT OFF or uninstall it, if you bothered to install it at all. It can be turned off via the Java Preferences app found in your Utilities folder. UNcheck it under the ‘General’ tab.

Here is another article about the subject:
http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/

To quote:

“Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday….

“Security Explorations founder and CEO Adam Gowdiak was able to confirm that the defect does affect Java SE 7 Update 7, which Oracle released this week as a rare out-of-band patch….

“As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.

“Unlike the earlier vulnerabilities, no known exploit of the new flaw has yet been found in the wild, but Gowdiak says he included proof-of-concept code with the report to demonstrate that an exploit is indeed possible….

“For the time being, given the apparent similarity of this flaw to the ones previously reported, users are advised to either disable Java in their browsers or uninstall it completely to avoid falling prey to any future exploits.”

]]> By: Federico http://osxdaily.com/2012/08/30/java-se-7u7-update-fixes-security-issue/#comment-422579 Federico Fri, 31 Aug 2012 19:15:58 +0000 http://osxdaily.com/?p=32902#comment-422579 Just when you thought you were home and dry: http://arstechnica.com/security/2012/08/critical-bug-discovered-in-newest-java/ Just when you thought you were home and dry:

http://arstechnica.com/security/2012/08/critical-bug-discovered-in-newest-java/

]]> By: vdiv http://osxdaily.com/2012/08/30/java-se-7u7-update-fixes-security-issue/#comment-422564 vdiv Fri, 31 Aug 2012 18:29:33 +0000 http://osxdaily.com/?p=32902#comment-422564 If one is content with using Oracle's java distribution is there a way to remove Apple's? If one is content with using Oracle’s java distribution is there a way to remove Apple’s?

]]> By: Pencil http://osxdaily.com/2012/08/30/java-se-7u7-update-fixes-security-issue/#comment-422462 Pencil Fri, 31 Aug 2012 09:56:13 +0000 http://osxdaily.com/?p=32902#comment-422462 You linked the JDK instead of the JRE (http://www.java.com/en/download/manual.jsp) You linked the JDK instead of the JRE (http://www.java.com/en/download/manual.jsp)

]]> By: Aberto I http://osxdaily.com/2012/08/30/java-se-7u7-update-fixes-security-issue/#comment-422456 Aberto I Fri, 31 Aug 2012 09:29:36 +0000 http://osxdaily.com/?p=32902#comment-422456 Oracle sucks! They knew about 19 fails in Java 1.7 from April… And from this date they have corrected only 3… They are just bandit! Oracle sucks!
They knew about 19 fails in Java 1.7 from April…
And from this date they have corrected only 3…

They are just bandit!

]]> By: Tony http://osxdaily.com/2012/08/30/java-se-7u7-update-fixes-security-issue/#comment-422390 Tony Fri, 31 Aug 2012 02:27:17 +0000 http://osxdaily.com/?p=32902#comment-422390 Oracle knew this vulnerability since one or two months allready , for today purpose the "Solution", ok, it's better then nothing....but good to know they knew the prob' since long time, & without doing nothing.....how many ppl be affected by this, since them wake up ? In all cases, JAVA not serv many ppl today...so, not an big deal... Oracle knew this vulnerability since one or two months allready , for today purpose the “Solution”, ok, it’s better then nothing….but good to know they knew the prob’ since long time, & without doing nothing…..how many ppl be affected by this, since them wake up ?

In all cases, JAVA not serv many ppl today…so, not an big deal…

]]>