So, I was sipping on my evening tea and doing what I do most of the time: WebDev. I got a warning in Firefox recommending that I disable the Java plugin. Investigating a little, I found this on Secunia:
A vulnerability has been discovered in Oracle Java, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an error in how the “setSecurityManager()” function can be called, which can be exploited by an applet to set its own privileges to e.g. allow downloading and executing arbitrary programs.
Successful exploitation allows execution of arbitrary code.
NOTE: This is currently being actively exploited in targeted attacks.
The vulnerability is confirmed in version 7 update 6 build 1.7.0_06-b24. Other versions may also be affected.
A critical flaw in Java (now tracked as CVE-2012-4681) has been discovered by FireEye, and it is ALREADY being exploited in the wild. You only have to visit a malicious page with the Java plugin enabled: a hostile applet uses the setSecurityManager() bug above to switch off Java's sandbox and then runs whatever the attacker wants on your computer, with your user's privileges. No click, no prompt.
In short, even if your system is fully patched, having Java installed means you can get hacked, because Oracle has not shipped a fix yet. If you had to fill in a CAPTCHA to enter this site, chances are your system is already compromised (not necessarily by this Java vulnerability). Update your antivirus and run a scan.
Metasploitians, rejoice! The exploit has already landed in Metasploit as exploit/multi/browser/java_jre17_exec. Update and give it a try.
Anyway, here's how to disable Java and be safe. The instructions can't get simpler than this. If you did not understand, high five. On your face!
In Chrome, type "chrome://plugins" or "about:plugins" in the address bar, find Java in the list and click Disable. If you have multiple users in Chrome, you will have to do it for each user. In Firefox, the warning I got offers to disable the plugin itself; otherwise go to Add-ons > Plugins and disable Java there. Whichever browser you use, restart it afterwards.
On Windows, disable the plugin for every browser at once through the Java Control Panel:
1. Go to Start > Control Panel > Programs
2. Select Java (this opens the Java Control Panel)
3. Open the Java tab and click View…
4. Uncheck the Enabled check-box for each runtime listed (both of them, if two are shown), then click OK
5. Restart your browsers
On Linux, find "Sun Java 6/7 Plugin Control Panel" under Others in the application menu, or search the menu for 'java'. Then in the Java Control Panel go to Java > View… and uncheck Enabled for every runtime listed. If you installed the plugin by hand, it is just a symlink called libnpjp2.so in ~/.mozilla/plugins/ or /usr/lib/mozilla/plugins/; deleting that symlink disables it too.
On a Mac: I do not own a Mac, so here's a link: http://stikine.wordpress.com/2012/04/05/2549j48b/
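Once you have followed the steps for your platform, check that the browser really no longer exposes Java. The snippet below is an added example, not part of the original post: it inspects a navigator-like object's plugins and mimeTypes lists (the same two lists a malicious page consults before deciding whether to serve the applet) and reports any Java plugin or application/x-java-* MIME type still registered. The two sample navigator objects are constructed here for illustration; in a real browser, paste the block into the developer console and it inspects the real navigator instead.

```javascript
// Added example (not from the original post): detect whether a browser still
// exposes the Java plugin. Works on any object shaped like `navigator`, so it
// runs against the constructed samples below or the real navigator in a console.

var JAVA_MIME_PREFIX = "application/x-java-"; // covers -applet, -vm, -bean, ...
var JAVA_NAME_RE = /java/i;

// Copy an array-like (PluginArray, MimeTypeArray, or a plain array) into a real array.
function toArray(arrayLike) {
  return Array.prototype.slice.call(arrayLike || []);
}

// Returns { present, plugins, mimeTypes }: `plugins` lists the names of plugins
// that look like Java, `mimeTypes` the Java MIME types the browser would hand
// to an <applet>/<object> tag. Either list being non-empty means Java is live.
function findJavaPlugin(nav) {
  var plugins = toArray(nav.plugins).filter(function (p) {
    return JAVA_NAME_RE.test(p.name || "") || JAVA_NAME_RE.test(p.description || "");
  });
  var mimeTypes = toArray(nav.mimeTypes).filter(function (m) {
    return (m.type || "").toLowerCase().indexOf(JAVA_MIME_PREFIX) === 0;
  });
  return {
    present: plugins.length > 0 || mimeTypes.length > 0,
    plugins: plugins.map(function (p) { return p.name; }),
    mimeTypes: mimeTypes.map(function (m) { return m.type; })
  };
}

function report(nav) {
  var r = findJavaPlugin(nav);
  if (!r.present) {
    return "No Java plugin exposed";
  }
  return "Java plugin still enabled: " + r.plugins.join(", ") +
         " (" + r.mimeTypes.length + " Java MIME types registered)";
}

// Constructed sample: what navigator looks like with Java 7u6 still enabled.
var NAV_WITH_JAVA = {
  plugins: [
    { name: "Shockwave Flash", description: "Shockwave Flash 11.3 r300" },
    { name: "Java(TM) Platform SE 7 U6",
      description: "Next Generation Java Plug-in 10.6.2 for Mozilla browsers" }
  ],
  mimeTypes: [
    { type: "application/x-shockwave-flash" },
    { type: "application/x-java-applet", description: "Java Applet" },
    { type: "application/x-java-applet;version=1.7" },
    { type: "application/x-java-vm" }
  ]
};

// Constructed sample: the same browser after the plugin has been disabled.
var NAV_WITHOUT_JAVA = {
  plugins: [{ name: "Shockwave Flash", description: "Shockwave Flash 11.3 r300" }],
  mimeTypes: [{ type: "application/x-shockwave-flash" }]
};

if (typeof navigator !== "undefined") {
  // Running inside a browser: check the real thing.
  console.log(report(navigator));
} else {
  console.log("enabled sample:  " + report(NAV_WITH_JAVA));
  console.log("disabled sample: " + report(NAV_WITHOUT_JAVA));
}
```

Run it in each browser and each browser profile you use, after restarting the browser; a plugin disabled in Chrome for one user is still live for the others, and Firefox keeps its own plugin list entirely separate from Chrome's.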
And… you're safe. Almost. Disabling the plugin only stops drive-by applets in the browser you disabled it in; Java itself is still installed and any other browser on the machine still needs the same treatment. If you don't actually need Java, uninstall it. Oracle fixed this in Java 7 Update 7, so update to that (or later) before you even think about re-enabling the plugin.