NOT so fast on the Java Patch (A Bug In Its Critical Bug Fix)

[jim lin]

Here we go again time to disable Java again

Java Users Still Not Safe, Experts Report New Vulnerability to Oracle
http://news.softpedia.com/news/Java-Users-Still-Not-Safe-Experts-Report-New-Vulnerability-to-Oracle-Exclusive-289249.shtml

Researchers find critical vulnerability in Java 7 patch hours after release
https://www.computerworld.com/s/article/9230812/Researchers_find_critical_vulnerability_in_Java_7_patch_hours_after_release

 

[MrXidus]

Pfft... I'm glad I don't have Java installed at all. Such a dangerous component. No matter how many patches they release, There will always be holes for criminals to take advantage of.

It’s uncertain at this point if cybercriminals are aware of this vulnerability, but hopefully they’re not.

Well thanks to your news post, They are now!

Gowdiak has echoed what many security researchers have said before: If you don't need Java, uninstall it from your system.

Completely agree!

Oracle broke out of its regular four-month patching cycle on Thursday to release Java 7 Update 7, an emergency security update that addressed three vulnerabilities, including two that were being exploited by attackers to infect computers with malware since last week.

Since this is such a serious vunerability, Being a complete bypass of the Sandbox, I'm expecting (hoping) to see another emergency update ASAP.

You Java users would want to hope so!

 

[samit]

uninstalled java 2 days ago....i would not install java ever.....

 

[Viking]

After this new exploit, I have also uninstalled Java!
I wonder how long it will be before another vulnerability is found when v 7 to 8 is release? 2 minutes? 2 hours........??

 

[Plexx]

Looks like I will have Java on a VM to access the sites I need for work and that's it!

Why so many issues with Java?

 

[iPanik]

Why so many issues with Java?

A) Browsers have very little, if any, control over what a plug-in is doing.
B) All java code placed in memory is marked as executable, hence making DEP irrelevant.
C) Oracle is behind it. They don't care. </rant>

Here we go again time to disable Java again

If only i had a choice.

 

[HeffeD]

Why so many issues with Java?

Really just one reason. Installation footprint.

Java isn't inherently any more dangerous than any other application, but when you have your software installed on (as Oracle states) over 3 billion devices, you become a very tempting target for people to want to exploit your software.

There's really no need to get all paranoid because of these exploits folks. Flash gets exploited far more often than Java, but for some reason people don't think the sky is falling when it happens. :s

Just take the same precautions that I'm sure we already take with any internet facing applications, and you'll be just fine.