@QIII,
Yes, it is estimated two years. We'll see how they react when it starts getting widely distributed, which will happen in the next day or so.
@Ms. Daisy,
Not really. Java applications need access to the home directory. They need very little access otherwise, only to Java programs. What I'm saying is the only way to fully protect from Java exploits is to configure AppArmor so that Java cannot behave like Java. The malicious code runs basically like native Java. Hence AppArmor would have to disable Java completely. I'd love to hear that I'm wrong...
The way most exploits work is to drop a second payload and execute it. AppArmor kills that immediately.
Obviously that's a pseudomitigation and trivial to bypass. So what else does AppArmor provide?
As an attacker who exploits a typical Java JRE we have access to the full user directory - home, interacting with other processes, reading the filesystem for sensitive info (for monetization or local exploitation), writing new executable files, persistence, etc.
As an attacker who exploits a JRE running with a strict AppArmor profile we can read/write to some Java files, read a few more files, and interact with no other processes. Significantly more secure, not easy to monetize at all.
So while the Java code runs perfectly fine (of course, you need Java to run for Java to run, as you say) it's not able to do anything malicious.
Java code running isn't scary - or not super scary - it's what it does after it runs we worry about.
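As an added example (not part of the thread or any poster's code): a small Python check of the point made in the post above, that a strict AppArmor profile stops a dropped second payload from being executed. The two profiles and their paths are constructed for illustration, `@{HOME}` is approximated as `/home/*`, and the glob overlap test is a heuristic, not AppArmor's own matcher.

```python
import re

# Constructed profiles for illustration; the paths are assumptions, not from the thread.
WEAK = """
/usr/lib/jvm/*/bin/java {
  owner @{HOME}/** rw,
  owner @{HOME}/** ix,
  /tmp/** rwix,
  /usr/bin/* Ux,
}"""
STRICT = """
/usr/lib/jvm/*/bin/java {
  /usr/lib/jvm/** r,
  /usr/lib/jvm/*/bin/java ix,
  owner @{HOME}/.java/** rw,
  deny @{HOME}/** x,
}"""

def parse_rules(profile):
    """Return (is_deny, path, perms) for each file rule; @{HOME} is approximated as /home/*."""
    rules = []
    for line in profile.splitlines():
        line = line.split("#")[0].strip()
        if not line.endswith(","):
            continue
        tokens = line[:-1].split()
        is_deny = "deny" in tokens
        tokens = [t for t in tokens if t not in ("audit", "deny", "allow", "owner")]
        if len(tokens) == 2 and tokens[0][0] in "/@":
            rules.append((is_deny, tokens[0].replace("@{HOME}", "/home/*"), tokens[1]))
    return rules

def to_regex(glob):
    # AppArmor globbing: ** crosses directories, * and ? stay within one path component.
    rx = re.escape(glob)
    return rx.replace(r"\*\*", ".*").replace(r"\*", "[^/]*").replace(r"\?", "[^/]")

def covers(glob, other):
    # Heuristic: does `glob` match one concrete path generated from `other`?
    sample = other.replace("**", "a/b").replace("*", "a").replace("?", "a")
    return re.fullmatch(to_regex(glob), sample) is not None

def audit(profile):
    """List rules that would let a dropped second payload be executed."""
    rules = parse_rules(profile)
    allow = [(p, m) for d, p, m in rules if not d]
    deny_x = [p for d, p, m in rules if d and "x" in m]
    findings = [f"unconfined exec: {p} {m}" for p, m in allow if "x" in m and set(m) & {"u", "U"}]
    for wpath, wperms in allow:
        if not set(wperms) & {"w", "a"} or any(covers(d, wpath) for d in deny_x):
            continue  # not writable, or exec is explicitly denied there
        for xpath, xperms in allow:
            if "x" in xperms and (covers(wpath, xpath) or covers(xpath, wpath)):
                findings.append(f"write+exec: {wpath} {wperms} / {xpath} {xperms}")
    return findings
```

`audit(WEAK)` reports the home and /tmp write+exec overlaps plus the unconfined `Ux` transition; `audit(STRICT)` reports nothing. The check only covers execution of dropped files, not what the confined Java code can still read or write.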
This link deals with the Java security flaw and Windows.
http://ask-leo.com/should_i_disable_...K429IRa4eZdfbL
Hi all,
After hours of testing with the limited available Java plugins and reading the following information, I am sure that Firefox 18 with Java 6 Update 38 and Java 7 Update 10 are not affected by the vulnerability even if you have not implemented AppArmor for Firefox. It is because Firefox 17 or above disabled the vulnerable Java plugins.
However, I have no available exploit to test Firefox 18 with Java 7 Update 11. Therefore, I strongly recommend that anyone who has updated to Java 7 Update 11 be careful about executing any Java applet in his/her Firefox 18.
Or you can simply uninstall/disable Java 7 Update 11, or disable it after use. Meanwhile, I strongly believe that AppArmor for Firefox can protect your box from being compromised by this vulnerability; however, I have no evidence at the moment.
The following information is quoted from the Add-ons Blocklist of Firefox:
Why was it blocked? The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary.
Who is affected? All users who have these versions of the plugin installed in Firefox 17 and above.
What does this mean? The problematic add-on or plugin will be automatically disabled and no longer usable.
The reference links:
All users who have the Java Plugin 6 Update 31 through 38 installed in Firefox 17 and above.
Java Plugin 6 updates 31 through 38 (click-to-play), Linux
Java Plugin 6 updates 38 and lower (click-to-play), Mac OS X
Java Plugin 6 updates 31 through 38 (click-to-play), Windows
All users who have the Java Plugin 7 Update 10 and lower installed in Firefox 17 and above.
Java Plugin 7 update 10 and lower (click-to-play), Linux
Java Plugin 7 update 10 and lower (click-to-play), Windows
Java Plugin 7 update 10 and lower (click-to-play), Mac OS X
Samiux
Last edited by samiux; January 17th, 2013 at 04:07 AM. Reason: fix format
Please read this link if you are concerned about Java's latest update.
Samiux
I found this Thread after reading of a potential design flaw in the Java® Runtime Environment from as far back as Release 1.4; it was apparently uncorrected by both Sun Microsystems® and Oracle® in all of Java® SE 5 (all known Updates), 6 (through Update 39), and 7 (through Update 11) and may affect their OpenJDK and IcedTea counterparts as well. I removed Java® SE 6 Update 38 from my Asus® CM1630-06 (which runs Microsoft® Windows® 7.0.8001) and am awaiting information on a fix for the in-development (as of January 2013) Java® SE 8. (An attempt to uninstall OpenJDK 6 would break the Metapackage ubuntu-desktop in 12.04.1-LTS.)
What source procedure in OpenJDK holds this design flaw and therefore must be fixed to resolve this issue?
nVIDIA® nForce® chipsets require discrete GPU's up to Pascal and appropriate nVIDIA Kernel modules.
Most intel® ExpressSets™ and AMD® RS-Series are fully supported in open source.
Looks like ORACLE has just released another "PATCH".
Here: go, but it will not likely show up in "Synaptic" for some time.
Use Synaptic to check your package list, and you will see "Iced Tea" often referred to.
Note what happens when you use Synaptic to uninstall parts of OpenJDK. It appears to install other packages, strange.
Did you check your virus problems with Clamscan?
Pay now, or pay later, there's no free lunch.