Critical Java zero-day bug is being “massively exploited"

Your fully patched installation of Java isn't safe.

A previously unknown and currently unpatched security hole in the latest version of the Java software framework is under attack online, according to security researchers and bloggers.

Source

A Guy
 
Sure glad I don't have Java on my systems.

Jim :cool:
 

My Computer

System One

  • OS
    Windows 7 HP 64bit, Windows 8.1 Pro w/Media Center 64BIT
    Computer type
    PC/Desktop
    System Manufacturer/Model
    ASUS - Home Built
    CPU
    AMD Phenom II X6 1100T
    Motherboard
    ASUS M5A99X EVO
    Memory
    Crucial Balistic DDR-3 1866 CL 9 (8 GB)
    Graphics Card(s)
    MSI R6850 Cyclone IGD5 PE
    Sound Card
    On Chip
    Monitor(s) Displays
    ASUS VE258Q 25" LED with DVI-HDMI-DisplayPort
    Screen Resolution
    1920 x 1080
    Hard Drives
    Two WD Cavier Black 2TB Sata 6gbs
    WD My Book Essential 2TB USB 3.0
    PSU
    Seasonic X650 80 Plus GOLD Modular
    Case
    Corsair 400R
    Cooling
    Antec Kuhler H2O 620, Two 120mm and four 140mm
    Keyboard
    AVS Gear Blue LED Backlight
    Mouse
    Logitech Marble Mouse USB, Logitech Precision Game Pad
    Internet Speed
    15MB
    Antivirus
    NIS, Malwarebytes Premium 2
    Other Info
    APC UPS ES 750, Netgear WNR3500L Gigabit & Wireless N Router with SamKnows Test Program,
    Motorola SB6120 Gigabit Cable Modem.
    Brother HL-2170W Laser Printer,
    Epson V300 Scanner
Me either, haven't missed it. A Guy
 

My Computer

System One

  • OS
    Windows 10 Home x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    INTEL Core i5-750
    Motherboard
    ASUS P7P55D
    Memory
    KINGSTON HyperX Fury Black Series 8GB (2 x 4GB) 1866Mhz
    Graphics Card(s)
    EVGA GTX750
    Monitor(s) Displays
    LG 27MP33HQ 32" IPS LED
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 840 Evo 120 GB, 2 x SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
    PSU
    ANTEC TruePower New TP-550, 80 PLUS®, 550W
    Case
    ANTEC Three Hundred Illusion
    Cooling
    COOLER MASTER Hyper 212 Plus, 3 x 120mm 1 x 140mm Case
    Internet Speed
    20 + Mbps
    Browser
    Vivaldi
    Antivirus
    Avast
People still have Java installed?
 

My Computer

System One

  • OS
    Windows Phone 6, Windows CE 5, Windows Vista x32, Windows 7 x32/x64, Windows 8 x64
We haven't seen it here at work yet. Many can't disable java because there are a lot of applications that require it. I hope the patch comes out ASAP!
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
We haven't seen it here at work yet. Many can't disable java because there are a lot of applications that require it. I hope the patch comes out ASAP!

Yeah I don't know how anyone can go without java. Nothing works without it and every system I deal with uses it. Hell there was a time when java was part of windows and you really had no option but to use it if you were on a windows platform.

Either way I really don't care if it is vulnerable. That is why we have security software to block things that get through.
 

My Computer

System One

  • OS
    Win7 Ultimate x64 SP1
    System Manufacturer/Model
    Custom Build (What Else Would It Be?)
    CPU
    AMD Phenom II X6 1100T Black Edition Thuban 3.3GHz, 3.7GHz
    Motherboard
    Gigabyte GA-890FXA-UD5
    Memory
    CORSAIR DOMINATOR GT 8GB (2 x 4GB) 1866 DDR3
    Graphics Card(s)
    XFX HD-697A-CNDC Radeon HD6970 2GB 256-bit
    Sound Card
    Creative SoundBlaster X-Fi Platinum Fatal1ty Edition
    Monitor(s) Displays
    Dual 25 Inch Hanns-G HZ251
    Screen Resolution
    3840x1080 (1920x1080 x2)
    PSU
    Corsair 850W Single Rail
    Case
    Thermaltake V9 BlacX w/ Dual HDD Docking Station
    Cooling
    Air/Copper
    Keyboard
    Kensington (Low-Profile)
    Mouse
    Creative Fatal1ty
    Internet Speed
    Cable 15Gbit (15 Down 5 Up)
    Other Info
    XIGMATEK HDT-S1284F 120mm HYPRO Bearing CPU Cooler, LG Blu-Ray Burner.
I'm not 100% sure i would put complete faith in outside security software keeping you 100% safe from exploits such as this.
 

My Computer

System One

  • OS
    Windows 7
    System Manufacturer/Model
    Self-Built in July 2009
    CPU
    Intel Q9550 2.83Ghz OC'd to 3.40Ghz
    Motherboard
    Gigabyte GA-EP45-UD3R rev. 1.1, F12 BIOS
    Memory
    8GB G.Skill PI DDR2-800, 4-4-4-12 timings
    Graphics Card(s)
    EVGA 1280MB Nvidia GeForce GTX570
    Sound Card
    Realtek ALC899A 8 channel onboard audio
    Monitor(s) Displays
    23" Acer x233H
    Screen Resolution
    1920x1080
    Hard Drives
    Intel X25-M 80GB Gen 2 SSD
    Western Digital 1TB Caviar Black, 32MB cache. WD1001FALS
    PSU
    Corsair 620HX modular
    Case
    Antec P182
    Cooling
    stock
    Keyboard
    ABS M1 Mechanical
    Mouse
    Logitech G9 Laser Mouse
    Internet Speed
    15/2 cable modem
    Other Info
    Windows and Linux enthusiast. Logitech G35 Headset.
Gawd fix it....my wife wants to go out to dinner...no pogo :haha:
 

My Computer

System One

  • OS
    MS Windows 8.1 Pro 64-bit with WMC
    System Manufacturer/Model
    Custom
    CPU
    Intel Core i5 650 @ 3.20GHz X4
    Motherboard
    H57M01
    Memory
    8.00 GB Dual-Channel DDR3 @ 665MHz
    Graphics Card(s)
    Nvidia GeForce GTX 550TI Superclocked
    Screen Resolution
    1920 x 1080
    Hard Drives
    2 ...1T each
    PSU
    750 Corsair
    Keyboard
    wireless
    Mouse
    wireless
    Internet Speed
    60Mbps tested @ 68.92Mbps/5.87Mbpsbps
People still have Java installed?

Yup, I need it to view my stock portfolio when I'm logged on at my bank.
 

My Computer

System One

  • OS
    Windows 8.1 Pro x64 Media Center Edition
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom Made
    CPU
    Intel Core i5 750
    Memory
    6 GB
    Graphics Card(s)
    AMD HD 7750
    Monitor(s) Displays
    Iiyama ProLite B2481HS-B1
    Screen Resolution
    1920x1080
    Hard Drives
    1x 120 GB SSD Samsung 830;
    1x 1.5 TB HDD Seagate;
    1x 2 TB HDD Western Digital;
    1x 3 TB HDD Seagate
    1x 80 GB SSD Vertex 2
    PSU
    Corsair CX 600
    Case
    Corsair Carbide 300R with Side Window
    Cooling
    Intel RTS2011 LC
    Keyboard
    DasKeyboard (blue switches)
    Mouse
    Wacom Baboo Tablet Pen & Touch
    Internet Speed
    50 Mbit FullDuplex Fiberglass
    Browser
    IE11
    Antivirus
    Windows Defender
    Other Info
    I also own the following Microsoft devices:
    * Surface Pro 2 128 GB
    * Windows Phone HTC 8X
Danger for Minecraft users.
Danger for pingtest.com users.
 

My Computer

System One

  • OS
    Windows 10 Pro x64
    Computer type
    Laptop
    System Manufacturer/Model
    Lenovo Y520
    CPU
    Intel Core i5 7300HQ
    Motherboard
    OEM Lenovo
    Memory
    4GB DDR4-2400
    Graphics Card(s)
    NVIDIA GeForce GTX 1050
    Sound Card
    Realtek HD
    Monitor(s) Displays
    1 (2)
    Screen Resolution
    1920x1080
    Hard Drives
    Seagate 1TB 5400 RPM
    Keyboard
    OEM Lenovo
    Mouse
    Logitech G502 Proteus Core
    Internet Speed
    100 Mbps
    Browser
    Google Chrome
    Other Info
    PC:

    AMD Athlon X4 760K
    8GB DDR3-1866
    AMD Radeon RX 460
    Seagate 500 GB 7200 RPM
The Australian Tax Office Business Portal for lodging quarterly BAS and annual tax returns online cannot be used without Java to run the AusKey security log on. Right now the portal is undergoing maintenance, so I hope that includes the patch.:(
 

My Computer

System One

  • OS
    Windows 7 Ult Reatil & Win 8 Pro OEM
    System Manufacturer/Model
    Built as DIY
    CPU
    6 core 12 thread & 4 core
    Motherboard
    Inel Extreme & Intel standard
    Memory
    12GB & 8GB
    Graphics Card(s)
    3 top end SLI linked & onboard
    Sound Card
    In built in graphics card & onboard
    Monitor(s) Displays
    24 & 23 inch Samsung LED backlit
    Screen Resolution
    High def
    Hard Drives
    Corsair Force 128GB SATA3 SSDs in each machine. Plus several external USB3 and eSATA spinner HDs
Is having java installed, period, make you vulnerable? Or can I just disable the browser plugin without completely destroying my Minecraft?

Or is this one of those things 'just being connected to the internet you will get it if your IP gets sniffed out regardless of what you do'?
 

My Computer

System One

  • OS
    Windows 8.1 Pro 64-Bit, Ubuntu 13.04 64-Bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom Built
    CPU
    Intel Core i7 950 @ 3ghz
    Motherboard
    Asus Sabertooth X58
    Memory
    Crucial 6GB DDR3 1066mhz Triple Channel
    Graphics Card(s)
    1GB EVGA GTX 460 SE (Nvidia)
    Monitor(s) Displays
    Dual LG Monitors
    Screen Resolution
    1920x1080, 1280x1024
    Hard Drives
    80GB Intel 320 Series SSD
    640GB WD Caviar Blue
    320GB WD MyBook (converted to Internal SATA)
    1TB Seagate Barracuda
    PSU
    Corsair 650TX 650w
    Case
    CoolerMaster HAF 922
    Keyboard
    Logitech G110
    Mouse
    Logitech G500
    Internet Speed
    20mbps Down, 2mbps Up
I haven't read the details of the nature of the exploit so I can't answer your question, but I'll try to get some answers...
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
I believe if you disable Java in the browser, you can't play Minecraft normally. I believe you can play Minecraft with no internet connection, but with many limitations (I have never played ;)). Have a look here:

Minecraft Portable! For Computers Without Java

A Guy
 

My Computer

System One

  • OS
    Windows 10 Home x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    INTEL Core i5-750
    Motherboard
    ASUS P7P55D
    Memory
    KINGSTON HyperX Fury Black Series 8GB (2 x 4GB) 1866Mhz
    Graphics Card(s)
    EVGA GTX750
    Monitor(s) Displays
    LG 27MP33HQ 32" IPS LED
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 840 Evo 120 GB, 2 x SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
    PSU
    ANTEC TruePower New TP-550, 80 PLUS®, 550W
    Case
    ANTEC Three Hundred Illusion
    Cooling
    COOLER MASTER Hyper 212 Plus, 3 x 120mm 1 x 140mm Case
    Internet Speed
    20 + Mbps
    Browser
    Vivaldi
    Antivirus
    Avast
Critical Java vulnerability made possible by earlier incomplete patch

The critical Java vulnerability that is currently under attack was made possible by an incomplete patch Oracle developers issued last year to fix an earlier security bug, a researcher said.

The revelation, made Friday by Adam Gowdiak of Poland-based Security Explorations, is the latest black eye for Oracle's Java software framework which is installed on more than 1 billion PCs, smartphones, and other devices. Last year saw a steady stream of attacks that exploited Java vulnerabilities, allowing miscreants to surreptitiously install keyloggers and other malicious software when unwitting people browsed compromised websites. The abuse has already continued into 2013, when on Thursday researchers reported yet another critical bug that is being "massively exploited in the wild".

Update: Asked for comment on Gowdiak's comments, an Oracle spokeswoman e-mailed the following statement: "Oracle is aware of a flaw in Java software integrated with web browsers. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. A fix will be available shortly."

Source

A Guy
 

My Computer

System One

  • OS
    Windows 10 Home x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    INTEL Core i5-750
    Motherboard
    ASUS P7P55D
    Memory
    KINGSTON HyperX Fury Black Series 8GB (2 x 4GB) 1866Mhz
    Graphics Card(s)
    EVGA GTX750
    Monitor(s) Displays
    LG 27MP33HQ 32" IPS LED
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 840 Evo 120 GB, 2 x SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
    PSU
    ANTEC TruePower New TP-550, 80 PLUS®, 550W
    Case
    ANTEC Three Hundred Illusion
    Cooling
    COOLER MASTER Hyper 212 Plus, 3 x 120mm 1 x 140mm Case
    Internet Speed
    20 + Mbps
    Browser
    Vivaldi
    Antivirus
    Avast
Sounds like it doesn't affect anything but web browsing. Therefore I will simply leave the java plugin disabled in Firefox and it shouldn't have anything to do with Minecraft gaming (as I use the downloaded client to play, not the browser version).
 

My Computer

System One

  • OS
    Windows 8.1 Pro 64-Bit, Ubuntu 13.04 64-Bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom Built
    CPU
    Intel Core i7 950 @ 3ghz
    Motherboard
    Asus Sabertooth X58
    Memory
    Crucial 6GB DDR3 1066mhz Triple Channel
    Graphics Card(s)
    1GB EVGA GTX 460 SE (Nvidia)
    Monitor(s) Displays
    Dual LG Monitors
    Screen Resolution
    1920x1080, 1280x1024
    Hard Drives
    80GB Intel 320 Series SSD
    640GB WD Caviar Blue
    320GB WD MyBook (converted to Internal SATA)
    1TB Seagate Barracuda
    PSU
    Corsair 650TX 650w
    Case
    CoolerMaster HAF 922
    Keyboard
    Logitech G110
    Mouse
    Logitech G500
    Internet Speed
    20mbps Down, 2mbps Up

My Computer

System One

  • OS
    Windows 8.1 Pro x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Black Shadow
    CPU
    i7-4790K
    Motherboard
    Gigabyte Z97X-UD5H
    Memory
    8GB Trident X 2400mhz cas9
    Graphics Card(s)
    Asus GTX 970 Strix
    Sound Card
    X-FI Extreme Music
    Monitor(s) Displays
    Dell U2412M
    Screen Resolution
    1920 x 1200
    Hard Drives
    850 Pro 256GB / Vector 150 240GB / Evo 250GB
    PSU
    Seasonic SS-660XP2
    Case
    Fractal Design R4
    Cooling
    Noctua NH-U14S

My Computer

System One

  • OS
    Windows 8.1 Pro x64 Media Center Edition
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom Made
    CPU
    Intel Core i5 750
    Memory
    6 GB
    Graphics Card(s)
    AMD HD 7750
    Monitor(s) Displays
    Iiyama ProLite B2481HS-B1
    Screen Resolution
    1920x1080
    Hard Drives
    1x 120 GB SSD Samsung 830;
    1x 1.5 TB HDD Seagate;
    1x 2 TB HDD Western Digital;
    1x 3 TB HDD Seagate
    1x 80 GB SSD Vertex 2
    PSU
    Corsair CX 600
    Case
    Corsair Carbide 300R with Side Window
    Cooling
    Intel RTS2011 LC
    Keyboard
    DasKeyboard (blue switches)
    Mouse
    Wacom Baboo Tablet Pen & Touch
    Internet Speed
    50 Mbit FullDuplex Fiberglass
    Browser
    IE11
    Antivirus
    Windows Defender
    Other Info
    I also own the following Microsoft devices:
    * Surface Pro 2 128 GB
    * Windows Phone HTC 8X
I never install java.
I use it locally, when needed by manually linking to the jre (java runtime environment) folder...
That's what the portable versions do: they have a local jre otherwise they don't work. It's just that you don't need to install java.
Every java program, for instance Minecraft has it's jre and only that paticular program will use java, no browsers nothing else.
But if Minecraft needs and has internet connection then again you are exposed to the exploit.

For example if I use Eclipse IDE for developing in Java, I give a jre folder in the Eclipse folder... and only Eclipse has Java, the PC not.

If you install Java, the jar's and applets (in browsers) will run just like exe's on your pc and that's the dangerous part.
By not installing, only what I want to run (gets its own jre) will run, the rest not.

The local jre method is a bit safer.
But with any method, even the portable one, you'll never be safe online as long as exploits exist.

In the end everyone has its own method: by installing, not installing or not using at all.
 

My Computer

System One

  • OS
    Windows 10 x64
    Computer type
    Laptop
    System Manufacturer/Model
    HP Envy DV6 7250
    CPU
    Intel i7-3630QM
    Motherboard
    HP, Intel HM77 Express Chipset
    Memory
    16GB
    Graphics Card(s)
    Intel HD4000 + Nvidia Geforce 630M
    Sound Card
    IDT HD Audio
    Monitor(s) Displays
    15.6' built-in + Samsung S22D300 + 17.3' LG Phillips
    Screen Resolution
    multiple resolutions
    Hard Drives
    Samsung SSD 250GB + Hitachi HDD 750GB
    PSU
    120W adapter
    Case
    small
    Cooling
    laptop cooling pad
    Keyboard
    Backlit built-in + big one in USB
    Mouse
    SteelSeries Sensei
    Internet Speed
    slow and steady
    Browser
    Chromium, Pale Moon, Firefox Developer Edition
    Antivirus
    Windows Defender
    Other Info
    That's basically it.
Thanks!!!
 

My Computer

System One

  • OS
    Win 10 Pro 64bit
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Home built Intel i7-3770k-based system
    CPU
    Intel i7-3770k, Overclocked to 4.6GHz (46x100) with Corsair H110i GT cooler
    Motherboard
    ASRock Z77 OC Formula 2.30 BIOS
    Memory
    32GB DDR3 2133 Corsair Vengeance Pro
    Graphics Card(s)
    GeForce GTX 980ti SC ACS 6GB DDR5 by EVGA
    Sound Card
    Creative Sound Blaster X-Fi Titanium HD, Corsair SP2500 speakers and subwoofer
    Monitor(s) Displays
    LG 27EA33 [Monitor] (27.2"vis) HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 850 EVO 250GB (system drive)
    WD 6TB Red NAS hard drives x 2 in Storage Spaces (redundancy)
    PSU
    Corsair 750ax fully modular power supply with sleeved cables
    Case
    Corsair Air 540 with 7 x 140mm fans on front, rear and top panels
    Cooling
    Corsair H110i GT liquid cooled CPU with 4 x 140" Corsair SP "push-pull" and 3 x 140mm fans
    Keyboard
    Thermaltake Poseidon Z illuminated keyboard
    Mouse
    Corsair M65 wired
    Internet Speed
    85MBps DSL
    Browser
    Chrome and Edge
    Antivirus
    Windows Defender, MalwareBytes Pro and CCleaner Pro
    Other Info
    Client of Windows Server 2012 R2 10 PC's, laptops and smartphones on the WLAN.

    1GBps Ethernet ports
Back
Top