Apple and Mozilla Block Vulnerable Java Plug-ins

Posted by Soulskill
from the no-dogs-allowed dept.
hypnosec writes "Following news that a Java 0-day has been rolled into exploit kits, without any patch to fix the vulnerability, Mozilla and Apple have blocked the latest versions of Java on Firefox and Mac OS X respectively. Mozilla has taken steps to protect its user base from the yet-unpatched vulnerability. Mozilla has added to its Firefox add-on block-list: Java 7 Update 10, Java 7 Update 9, Java 6 Update 38 and Java 6 Update 37. Similar steps have also been taken by Apple; it has updated its anti-malware system to only allow version 1.7.10.19 or higher, thereby automatically blocking the vulnerable version, 1.7.10.18." Here are some ways to disable Java, if you're not sure how.
  • by thsths (31372) on Friday January 11, 2013 @05:42PM (#42562267)

    > Why does this one deserve special treatment?

    Because it is
    * widespread, both in terms of users and in terms of malicious sites
    * serious: remote exploit with none but the initial user interaction
    * arrogant of Oracle not to respond
    * avoidable, because nearly nobody needs Java anyway

    Oracle really dropped the ball here, and they deserve to be kicked.

  • Re:and to unblock? (Score:4, Insightful)

    by X0563511 (793323) on Friday January 11, 2013 @06:38PM (#42562789) Homepage Journal

    If you have critical software depending on vulnerable versions you should beat the developers over the head to fix it.

    I would love to do that, but I'd get fired for it.

  • Needs whitelisting (Score:4, Insightful)

    by Dwedit (232252) on Friday January 11, 2013 @09:27PM (#42564135) Homepage

    I think this kind of mass disabling should be combined with a list of known "Good" Java applets, possibly matched by URL or file hash.
    The list doesn't necessarily have to come from some authority from the internet; it could possibly be provided by a company's IT department to run the specific Java applets they need to use.
    So when people hit the "good" Java applets, their Java plugin isn't disabled, and it runs the applet just like normal.
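
The allowlist idea in the comment above, combined with the minimum-version rule from the story, as an added example that is not part of the comment or of any browser's code. The `AppletAllowlist` class, the `decide` function, the HTTPS-only rule for URL entries and all sample data are assumptions made for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# From the story: 1.7.10.19 or higher is allowed, 1.7.10.18 is blocked.
MIN_PLUGIN_VERSION = (1, 7, 10, 19)

def url_key(url):
    """Exact-match key for an applet URL; None if the URL is not HTTPS."""
    parts = urlsplit(url)
    # Assumption: URL entries only count over HTTPS, because a plain-HTTP
    # response can be replaced in transit and the URL alone proves nothing.
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    return (parts.hostname, parts.port or 443, parts.path)

class AppletAllowlist:
    """Hypothetical IT-supplied list of known-good applets."""
    def __init__(self, sha256_hashes=(), urls=()):
        self.hashes = {h.lower() for h in sha256_hashes}
        self.urls = {url_key(u) for u in urls} - {None}

def decide(plugin_version, applet_url, applet_bytes, allowlist):
    """Return (action, reason) for one applet load."""
    version = tuple(int(p) for p in plugin_version.split("."))
    if version >= MIN_PLUGIN_VERSION:
        return ("run", "plugin-version-ok")
    # Plug-in is blocklisted: only known-good applets may still run.
    if hashlib.sha256(applet_bytes).hexdigest() in allowlist.hashes:
        return ("run", "hash-allowlisted")
    key = url_key(applet_url)
    if key is not None and key in allowlist.urls:
        return ("run", "url-allowlisted")
    return ("block", "vulnerable-plugin")

# Constructed sample data, not real applets or sites.
GOOD_JAR = b"PK\x03\x04 constructed timesheet applet"
OTHER_JAR = b"PK\x03\x04 constructed unknown applet"
ALLOWLIST = AppletAllowlist(
    sha256_hashes=[hashlib.sha256(GOOD_JAR).hexdigest()],
    urls=["https://intranet.example/apps/report.jar"],
)

if __name__ == "__main__":
    print(decide("1.7.10.18", "https://other.example/a.jar", GOOD_JAR, ALLOWLIST))
    print(decide("1.7.10.18", "http://intranet.example/apps/report.jar", OTHER_JAR, ALLOWLIST))
```

A hash entry ties the decision to the exact applet bytes, while a URL entry trusts whatever that server returns, so the hash is the stronger of the two matches.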
