It seems the woes of Java programmers are not yet over. Yesterday, Oracle issued an out-of-turn patch for the vulnerability that was discovered in version 1.7 of Java. Within 24 hours of the release of this patch, a new vulnerability was discovered and submitted to Oracle.
From ISC Diary’s website:
Polish security firm Security Explorations has sent an advisory, with a proof-of-concept exploit, to Oracle today (Friday 31 AUG) specific to a vulnerability they discovered in the Java 7 security update released Thursday. This newly reported vulnerability can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system.
The very first thought that comes to mind is to disable Java within the browser or uninstall it. Here are the instructions:
Step 1: Verify the Java Version by visiting:
https://www.java.com/en/download/installed.jsp
Step 2: Disable Java in Web-Browser
Browsers for Windows
A: Open Registry Editor by pressing Winkey+R, typing regedit and pressing Enter.
Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 and change the value of 1C00 to 0.
Open Control Panel and double-click “Java”. On the Advanced tab, disable the settings below by un-checking the items listed under “Default Java for Browsers” and “Java Plugin”.
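The registry change in step A can be scripted and verified rather than made by hand. The PowerShell below is an added example, not part of the original post; the function names are hypothetical, and the policy key path and its precedence over the per-user value are assumptions about how Internet Explorer reads zone settings.

```powershell
# Added example: audit and apply 1C00 = 0 for Internet zone 3 (current user).
$ValueName  = '1C00'
$UserZone   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
# Assumption: Group Policy copy of the same zone key; if it holds 1C00 it wins over HKCU.
$PolicyZone = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

function Get-ZoneValue {
    param([Parameter(Mandatory)][string]$Path)
    # Returns the DWORD as an int, or $null when the key or the value is missing.
    $prop = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$ValueName
}

function Disable-JavaInInternetZone {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $before = Get-ZoneValue -Path $UserZone

    # Only write when the value is not already 0, and honour -WhatIf / -Confirm.
    if ($before -ne 0 -and $PSCmdlet.ShouldProcess($UserZone, "Set $ValueName to 0")) {
        if (-not (Test-Path $UserZone)) { New-Item -Path $UserZone -Force | Out-Null }
        Set-ItemProperty -Path $UserZone -Name $ValueName -Value 0 -Type DWord
    }

    $after  = Get-ZoneValue -Path $UserZone
    $policy = Get-ZoneValue -Path $PolicyZone

    # Report what was found and whether the page's setting is in effect.
    [pscustomobject]@{
        Before         = $before
        After          = $after
        PolicyValue    = $policy
        PolicyOverride = ($null -ne $policy -and $policy -ne 0)
        JavaDisabled   = ($after -eq 0) -and ($null -eq $policy -or $policy -eq 0)
    }
}

# Dry run: shows what would change without writing to the registry.
Disable-JavaInInternetZone -WhatIf | Format-List
```

Drop `-WhatIf` to apply the change, and run it as the user whose browser is being configured, since the key lives in that user's HKCU hive.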
Internet Explorer
1. Click Tools and then Internet Options
2. Select the Security tab, and select the Custom Level button
3. Scroll down to Scripting of Java applets
4. Make sure the Disable radio button is checked
5. Click OK to save your preference
Chrome
1. Type about://plugins in the address bar and hit enter.
2. This will display all the plugins that have been installed and their status.
3. If the “Enable” link appears, Java is already disabled and the option would be greyed out. Otherwise, click the “Disable” link.
Browsers for Windows and Mac OS X
Firefox
1. Start Mozilla Firefox browser or restart it if it is already running
2. At the top of the browser, select the Firefox button (or Tools menu in Windows XP), then Add-ons.
The Add-ons Manager tab will open.
3. In the Add-ons Manager tab, select Plugins
4. Click Java (TM) Platform plugin to select it
5. Click on the Disable button (if the button says Enable, Java is already disabled)
Safari
1. Launch Safari browser
2. Click on Safari and select Preferences
3. Click on the Security tab
4. Check (select) Disable Java check box
5. Close Safari Preferences window
All of the security community will concur with the above-mentioned information; however, we will be presenting the other side of the world, where it is imperative to use Java and IT security takes a back seat. These IT users will just turn a blind eye to the audit reports which recommend that they disable Java, and in the worst scenario these audit reports would be shredded and incinerated.
Many of you may believe that I am paranoid; however, my only advice would be “wait for the blog post”.