Java Zero Day Flaw

**Khalinov** · 08-28-2012 07:19 PM

Be warned:

Originally Posted by PC World

Kandek warns that until a patch is released, the only real defense users can employ is to limit the use of Java or uninstall it altogether. Uninstalling it may be a tad extreme, though. There are options within the Java security controls to restrict its use to well-known websites that are less likely to harbor malicious exploits.

ref: http://www.pcworld.com/businesscente...er_attack.html
ref: http://www.theregister.co.uk/2012/08...block_exploit/

**mTurkMeister** · 08-28-2012 07:36 PM

This is very serious. I have never had concerns about Java in the past because it worked so well in my experience despite what some were saying.

I did have a bad experience about a month ago with malware that made my system unusable. I was doing a HIT and noticed one of the websites I navigated to (looking for email) was acting peculiar. I closed the tab, but almost immediately after the malware attacked my system. First it disabled my Firewall and then my antivirus. It was one of those virus scan programs that reported my system had 138 serious problems and to buy their product immediately. It then rebooted my system, gave me the same message and rebooted over and over again.

I'm not sure what I'm going to do about this new problem, but definitely I will curtail my mTurk activities until I know more.

**dsm_dolouz** · 08-28-2012 07:55 PM

Wow.. can you roll back to v1.6?

Edit: NM, thankfully I'm still on v1.6. *wipes brow*

**mTurkMeister** · 08-28-2012 09:09 PM

I discovered something interesting. Firefox disabled Java on Aug 14. Seems unlikely that I didn't require it at some point in the last two weeks, but that seems to be the case. So all Firefox users are probably OK, unless they overrode the block.

Here are the details in the Firefox Addon Options.

Java Plugin has been blocked for your protection.

Why was it blocked?
Outdated versions of the Java plugin are vulnerable to an actively exploited security issue. All users are strongly encouraged to update their Java plugin. For more information, please read our blog post or Oracle's Advisory.
Who is affected?
All Firefox users who have installed the Java plugin, JRE versions below 1.6.0_33 or between 1.7.0 and 1.7.0_4.
What does this mean?

Users are strongly encouraged to disable the problematic add-on or plugin, but may choose to continue using it if they accept the risks described.
When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. For more information, please read this support article.

Blocked on August 14, 2012.

**Khalinov** · 08-30-2012 10:52 AM

Follow up: http://www.zdnet.com/java-zero-day-s...es-7000003467/

And from that article, a handy link that lets you know if you are vulnerable: http://www.isjavaexploitable.com/

There is no way in Hades I would be doing any HITs that required me to click on blind links (I’m looking at you, Classify This).

Thread: Java Zero Day Flaw

Thread Tools

Display

Java Zero Day Flaw

Posting Permissions