Homeland security says stop using Java

[mike123abc]

Apple blocked java on macs:

http://www.macrumors.com/2013/01/11...n-os-x-to-address-widespread-security-threat/

Apple has, however, apparently already moved quickly to address the issue, disabling the Java 7 plug-in on Macs where it is already installed. Apple has achieved this by updating its "Xprotect.plist" blacklist to require a minimum of an as-yet unreleased 1.7.0_10-b19 version of Java 7. With the current publicly-available version of Java 7 being 1.7.0_10-b18, all systems running Java 7 are failing to pass the check initiated through the anti-malware system built into OS X.

http://www.zdnet.com/homeland-security-warns-to-disable-java-amid-zero-day-flaw-7000009713/

The U.S. Department of Homeland Security has warned users to disable or uninstall Java software on their computers, amid continuing fears and an escalation in warnings from security experts that hundreds of millions of business and consumer users are vulnerable to a serious flaw.

 

[DodgerKing]

FF removed it automatically. This stinks because a lot of the websites I visit require Java. I cannot watch the live cams at some of my ski resorts now.

 

[Sean Mota]

This is bad. What is oracle doing about this. How do you disable it on windows?

 

[mike123abc]

This is bad. What is oracle doing about this. How do you disable it on windows?

If you have chrome you can just go to chrome://plugins, scroll down to java and click disable. That is all I did, I left it working on IE. If I need to go somewhere with Java I will use IE.

The problem you have of course is that with a bad exploit like this you could be attacked anywhere. Even here if one of the ad servers gets hit like it did a few weeks ago.

You can also go into the control panel and uninstall java.

Or you can go into the java control panel and disable web browsing http://java.com/en/download/help/disable_browser.xml

 

[Bodo Fenrirsson]

I just went ahead & uninstalled Java from my Mac. I had Java 7 & my Chrome can't use it anyway,it'll only use Java 6.

 

[Teehar]

Glad FF is being proactive.I just went into plugins to check java settings.It has an ! and more info link

https://addons.mozilla.org/en-US/firefox/blocked/p182

 

[TheForce]

Question-

Doesn't Blu Ray disk menus use Java in some fashion? I don't do much blu ray menu authoring but I wonder if there are any security issues possible if your player is using BD live?

 

[rv1pop]

Strange, but isn't this old news? I just checked and it was blocked October 12, 2012....

 

[mike123abc]

Strange, but isn't this old news? I just checked and it was blocked October 12, 2012....

There was another big bug found back in October too.

 

[Magic Static]

My AV popped up and avised me I won't have a problem. It has the JAVA exploit under control. It also advises that JAVA still needs fixed though.

 

[Sean Mota]

How about Android devices are they affected

 

[Sean Mota]

IPad, iPhone?

 

[harshness]

Like most things that are "owned" by Oracle, if it isn't a cash cow, it doesn't get much love.

For those who want to get to the bottom of what this issue represents, visit the CERT website:

http://www.us-cert.gov/cas/techalerts/TA13-010A.html

 

[Neutron]

My FF 18 still had Java enabled though it had a warning about possible security vulnerabilities.

 

[Foxbat]

OS X Lion and Mountain Lion use the new security feature Apple added that let's them update a minimum revision level for software. Apple set it so the Java Runtime Environment had to be greater than 10.7.10_b29 which effectively disabled Java on those Macs that had it installed.

I know we're in trouble at work because we have an older web-based app the doesn't work correctly with anything newer than the version of JRE that it was written for. There has been some discussion of configuring IE to use Group Policy to enforce which Internet zones allow Java to run.