Check if Your System is Vulnerable to the Latest Cross Platform Java Exploit !!
08-29-2012, 11:41 PM, (This post was last modified: 08-30-2012, 01:51 PM by sujay.)
#1
The Fact
Two vulnerabilities [CVE-2012-4681] have been identified in Java 7 (1.7) Update 0 to 6. It works in all browsers, which made all systems that run Java vulnerable to attack. According to an analysis by security journalist Brian Krebs, the number of vulnerable systems is about a billion.
Quote: How many systems are vulnerable? Oracle Corp., which maintains Java, claims that more than 3 billion devices run Java. But how many of those systems run some version of Java 7 (all versions of Java 7 are vulnerable; this flaw does not exist in Java 6 versions).
To get an idea, I asked Secunia, whose Personal Software Inspector program runs on millions of PCs. Secunia said that out of a random sampling of 10,000 PSI users, 34.2 percent had some version of Java 7 installed. In the same data set, 56.4 percent of users had an update of Java 6 installed. Assuming that Secunia’s 10,000 user sample is representative of the larger population of computer users, more than a billion devices could be vulnerable to attack via this exploit.

[Image: Slide1.png]

The nature of the exploit is somewhat complex, but extensive damage can be done with it.
Quote: The beauty of this bug class is that it provides 100% reliability and is multiplatform. Hence this will shortly become the penetration test Swiss knife for the next couple of years (as did its older brother CVE-2008-5353).
Initially, all the attacks were highly targeted, but it is expected that the exploit code has gone public.
Quote: and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole.
Am I vulnerable ??
This question should be on everyone's mind. Check this at either of the two sites.
http://www.isjavaexploitable.com/
or
http://zulu.zscaler.com/research/java_version.html
I am Vulnerable, Help !!
Oracle has moved to a quarterly update scheme lately, so no patch is expected until this coming October!! There are some unofficial patches, but none have been made public and they are by request only at present. So, here are some solutions:
1. Don't use Java!! Uninstall it.
Some security experts suggest it.
Quote: According to software giant Oracle, Java is deployed across more than 3 billion systems worldwide. But the truth is that many people who have this powerful program installed simply do not need it, or only need it for very specific uses. I’ve repeatedly encouraged readers to uninstall this program, not only because of the constant updating it requires, but also because there seem to be a never-ending supply of new exploits available for recently-patched or undocumented vulnerabilities in the program.
2. Use it for specific purpose.
Although the above argument is undeniable, many of us still need Java because it is required by a lot of software (like Open Office, Freemind, etc.), and some useful websites also require Java.
  1. Since the main risk of using Java comes from using it in browsers, you can keep it disabled in your main browser (instructions 1 & 2) and enabled in a specific browser that you should use for browsing specific sites.
  2. You may use the Click to Play feature in Firefox & Chrome. The beauty of this feature is that it keeps plugins like Java disabled by default and will remind you to enable it when it detects any visible content that requires it.
  3. You may also use the Quick Java plugin in Firefox to quickly enable Java when required.
3. Use Sandboxed Browsing
Use Sandboxed browsing as a habit. Sandboxie, Bufferzone Pro etc. are free software of this kind.
4. Use Anti-Executable Software
Most anti-executable software blocks such exploit kits, since all exploit kits download a malicious executable and execute it without user concern. EXE Radar is a freeware anti-executable.
Note: Never think of downgrading to Java version 6 since it is not vulnerable to this exploit. That old version is vulnerable to many other exploits.
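A local counterpart to the online checkers linked in the first post, as an added example that is not part of the original thread: it parses the `java -version` banner and compares it against the range the post gives (Java 7 Update 0 to 6). The function names, result labels and sample banners are constructed for illustration, and it reports the JRE found on PATH, which may differ from the one a browser plug-in loads.

```python
import re
import subprocess

# Range taken from the post: Java 7 (1.7) Update 0 to 6 is affected by CVE-2012-4681.
AFFECTED_MAJOR = 7
AFFECTED_UPDATES = range(0, 7)

# Matches both the legacy scheme ("1.7.0_06") and the later scheme ("17.0.2").
_BANNER = re.compile(r'version "(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None if unparseable."""
    m = _BANNER.search(banner)
    if not m:
        return None
    first, second, third, update = m.groups()
    if first == "1" and second is not None:
        # Legacy scheme: 1.7.0_06 -> (7, 6); a bare 1.7.0 is Update 0.
        return int(second), int(update or 0)
    # Later scheme: 17.0.2 -> (17, 2); the third field is the patch level.
    return int(first), int(third or 0)


def classify(banner):
    """Map a version banner to a label based on the range stated in the post."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major == AFFECTED_MAJOR and update in AFFECTED_UPDATES:
        return "affected"
    if major < AFFECTED_MAJOR:
        # The post notes Java 6 lacks this flaw but has many other exploits.
        return "not-affected-but-outdated"
    return "outside-listed-range"


def local_banner():
    """Banner of the java on PATH (it prints to stderr), or None if Java is absent."""
    try:
        out = subprocess.run(["java", "-version"], capture_output=True,
                             text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None
    return out.stderr or out.stdout


if __name__ == "__main__":
    banner = local_banner()
    print("java not found on PATH" if banner is None else classify(banner))
```
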
08-30-2012, 08:30 AM,
#2
RE: Check if Your System is Vulnerable to the Latest Cross Platform Java Exploit !!
Thank you for the detailed heads up ;) !!