Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Java Zero-Day vulnerability being heavily exploited in the wild


  • Please log in to reply
31 replies to this topic

#1 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:05:05 AM

Posted 12 January 2013 - 01:01 AM

A new vulnerability in Oracle's Java browser extension has been found. This exploit has already been added to many prevalent exploit kits and is under heavy use by malware authors. Even the latest version of Java (7u10) is vulnerable to this attack.

Find more information on this attack here. http://nakedsecurity.sophos.com/2013/01/10/protect-yourself-against-latest-java-zero-day-vulnerability-now-maljavajar-b/

It is strongly recommended that all users disable Java until an update patching the flaw has been released. Instructions on disabling Java can be found at the following links (with thanks to Sophos):

How to disable Java in Internet Explorer
How to disable Java in Firefox
How to disable Java in Chrome
How to disable Java in Safari
How to disable Java in Opera

Alternatively, you can simply uninstall Java from your computer.

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


BC AdBot (Login to Remove)

 


#2 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:05 AM

Posted 12 January 2013 - 07:50 AM

Instead of disabling Java in various browsers, you can disable Java content to be run in any web browser from the Java Control Panel.

Posted Image

Java Control Panel is located inside the Control Panel. You can search it from Start Menu in Windows 7/Vista/XP or through Search charm in Windows 8.

#3 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:05 AM

Posted 12 January 2013 - 09:53 AM

>>>Instead of disabling Java in various browsers, you can disable Java content to be run in any web browser from the Java Control Panel....
Java Control Panel is located inside the Control Panel. You can search it from Start Menu in Windows 7/Vista/XP or through Search charm in Windows 8
.<<<

@Romeo: That feature was just added in ver 7 update 10 (latest *AHEM* secure ver) ... users with previous versions who wish to disable Java in their browsers have three choices as I see it:

1) Keep their current version and perform the various cyber-gymnastics as described in the links provided by Blade :workout:
2) Update to ver 7 u 10 and untick one box in javacpl.exe :whistle:

or

Alternatively, you can simply uninstall Java from your computer.


Edited by Union_Thug, 12 January 2013 - 09:59 AM.


#4 Allen

Allen

  • Members
  • 337 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:06:05 AM

Posted 12 January 2013 - 09:55 AM

You see this is one of the 10 reasons why I hate java.
Hey everyone I'm Allen I am a young web developer/designer/programmer I also help people with computer issues including hardware problems, malware/viruses infections and software conflicts. I am a kind and easy to get along with person so if you need help feel free to ask.

#5 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:05 AM

Posted 12 January 2013 - 11:19 AM

You see this is one of the 10 reasons why I hate java.


Here's another...

Just for giggles I kept Java enabled in a Win 7 VM & today when I fired it up & checked Add-on Mgr in Firefox it said "use with caution" but was "enabled" (screenshot)

Posted Image
Clicking the "more information" link led me to this page @ Mozilla which read the following:

Java Plugin 7 update 10 and lower (click-to-play), Windows has been blocked for your protection.

Why was it blocked?
The Java plugin is causing significant security problems. All users are strongly recommended to keep the plugin disabled unless necessary.

Who is affected?
All users who have these versions of the plugin installed in Firefox 17 and above.

What does this mean?

The problematic add-on or plugin will be automatically disabled and no longer usable.


When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria, the software may be blocked from general use. For more information, please read this support article.

Blocked on October 30, 2012. View block request.


When I go to the Java test site I get the following result: (screenshot)

Posted Image

After "clicking here" Java, which Mozilla described as automatically disabled and no longer usable was re-enabled. :wacko:

Posted Image

Edited by Union_Thug, 12 January 2013 - 11:21 AM.


#6 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:05 AM

Posted 12 January 2013 - 12:31 PM

Union_Thug, you are right :)

Edited by Romeo29, 12 January 2013 - 01:53 PM.


#7 JoanneMT

JoanneMT

  • Members
  • 180 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:05 AM

Posted 12 January 2013 - 02:18 PM

I hope this is not off topic, but I just uninstalled all Java and JRE from my machine. I'm sure it did its dirty work already and I'm looking at a "Dr.Watson fix-it tool" on http://fix-kit.com/Drwtsn32-Exe-Error-Repair/repair/?... (uid info). If a package could do all that I'd love it!

But I was just on Ebay, and after removing Java and restarting acouple of times, I saw a Java note at the bottom of the page (Chrome) where I also disabled Java before I uninstalled it. I have demons in my machine!!! XP SP3, w/Secunia and MS Security Essentials (that hasn't found anything like Super anti spyware and RogueKiller V8.4.1 [Dec 28 2012] by Tigzy (not sure how I got there, I try to only download here). I've disabled most startup items in MSCONFIG, but see a blank line associated with a registry key; and another command that says something like -keep quiet - do not stop.

I'm exhausted and will probably go for a rest. Should I keep running the AV cleaners you all have recommended? I haven't logged onto my bank for ages and am getting antsy about that. Thanks for your help.

Oh, and before I saw that Javascript note, I had verified that Java was no longer on my machine...

Edited by JoanneMT, 12 January 2013 - 02:20 PM.


#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:05 AM

Posted 12 January 2013 - 04:41 PM

Personally I think the easiest solutions are the following:

Using a version of Java that is not Version 7 Update 10


1. Uninstall all versions of Java.

2. Download and install Version 7 Update 10 from the following locations depending on the bit-type of Windows:

Windows Offline (32-bit)
Windows Offline (64-bit)


3. Disable Java in your browsers by following these steps: http://www.java.com/en/download/help/disable_browser.xml

Java will now be disabled in your browsers. You must do this step for all users on the Windows computer.


Currently using Version 7 Update 10

1. Disable Java in your browsers by following these steps: http://www.java.com/en/download/help/disable_browser.xml. Java will now be disabled in your browsers. You must do this step for all users on the Windows computer.

#9 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:05 AM

Posted 12 January 2013 - 05:35 PM

1. Uninstall all versions of Java.


Thank you for adding this step Grinler.:thumbup2: Do you feel it necessary to run JavaRa to "clean up" any stray bits left behind by the Java uninstalls?

Disable Java in your browsers by following these steps: http://www.java.com/en/download/help/disable_browser.xml. Java will now be disabled in your browsers.


Mozilla has implemented Click-to-Play as demonstrated in my post (#5) above...which can (if the user wishes to) "override" disabling Java on a per-site basis.

Status There is no patch currently available for this issue from Oracle. To protect Firefox users we have enabled Click To Play for recent versions of Java on all platforms (Java 7u9, 7u10, 6u37, 6u38). Firefox users with older versions of Java are already protected by existing plugin blocking or Click To Play defenses.

The Click To Play feature ensures that the Java plugin will not load unless a user specifically clicks to enable the plugin. This protects users against drive-by exploitation, one of the most common exploit techniques used to compromise vulnerable users. Click To Play also allows users to enable the Java plugin on a per-site basis if they absolutely need the Java plugin for the site.



#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:05 AM

Posted 12 January 2013 - 06:08 PM

Thank you for adding this step Grinler.:thumbup2: Do you feel it necessary to run JavaRa to "clean up" any stray bits left behind by the Java uninstalls?


Definitely cant hurt.

#11 shellfish!

shellfish!

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 12 January 2013 - 10:20 PM

is an add on the same thing as a plug in on internet explorer? It says to click manage plug ins under tools on IE, but the closest option that i see I mangage add ons. Also would java be on a samsung galaxy note. I cant figure out how to add remove programs on that device.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:05 AM

Posted 12 January 2013 - 10:32 PM

Yes on the First question,
ask the other in Android OS
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Winterland

Winterland

  • Members
  • 980 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Land of Enchantment
  • Local time:03:05 AM

Posted 13 January 2013 - 08:47 AM

Thanks to everyone for the update and the workarounds.


Blade - thanks for the OP.

My mother-in-law called yesterday morning telling me the sky was falling and what not (she watches a lot of TV) and when ever she mentions anything computer related, I always head over here and when I saw your post, I knew right away what was going on.

I logged into her machine (via Avast!) and patched everything up and disabled the rest.


Speaking of which, for the BC folks that are reading this Topic, don't forget to follow Grinler's advice and run that Secunia PSI app and make sure your machine is patched and up-to-date.


Union_Thug - not sure if you like coffee, but at least now I know how you feel about Java. :P


onward,

Winterland

Photobucket removed my cool flag - idiots!

 

Every calculation based on experience elsewhere fails in New Mexico.


#14 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:05:05 AM

Posted 13 January 2013 - 09:05 AM

Union_Thug - not sure if you like coffee, but at least now I know how you feel about Java. :P


:P Thanks "winter" As Rod Stewart would say "Every picture tells a story, don't it?" Posted Image

#15 lti

lti

  • Members
  • 581 posts
  • OFFLINE
  •  
  • Local time:03:05 AM

Posted 13 January 2013 - 11:20 AM

I have only needed Java to run a graphing program for a calculus class. I don't even install Java on any of my computers.

For some reason, I have two versions of Java installed. Both Java 6 update 25 (the version that was installed on this computer from the factory) and 7 update 9 are installed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users