A new Java 0-day exploit is running around the Internet this week.
Every browser that uses the newest Java version is vulnerable, no matter which operating system you use.
If you are thinking about installing an older version of Java, that's also a bad idea, because older versions are full of security bugs as well!
What you need to do is to turn off Java in your browsers!
If you want to check if Java in your browser is vulnerable, go to http://www.isjavaexploitable.com/ and you will see.
To disable Java in your browser on Windows, do the following:
Mozilla Firefox: From the main menu select Add-ons, and then disable any plugins with the word “Java” in them. Restart the browser.
Google Chrome: Click the wrench icon in the upper right corner of the browser window, then select Settings. In the search results box to the right in the next screen, type “Java”. A box labeled “Content settings” should be highlighted. Click that, and then scroll down to the Plug-ins section. Click the “Disable individual plug-ins” link, find Java in the list, and click the disable link next to it.
For those who want to find out more about the exploit
For those who are interested in the details of this exploit, there is a good analysis here. The beauty of this bug class is that it provides 100% reliability and is multiplatform. The PoC exploit was first published by Jduck, and you can see the exploit itself here
Experience tells us that Oracle will not be fast with an update, so most probably this bug will not be fixed soon.