A working, cross-platform Java 7 exploit is now in the wild. It's apparently a pair of bugs, working in tandem; neither, alone, would be enough to escape the Java sandbox, but together, any machine, be it Windows, Mac, or Linux, can be instantly and silently compromised, simply by viewing a malicious web page. Only Java 7 is vulnerable, but because of the way Oracle schedules patches, it may be unfixed until October. You can test your machine for the flaw; if vulnerable, you'll want to at least disable Java in your Web browser, if not remove it altogether. On Firefox, NoScript will provide a little protection, by not running Java code unless you click it, but the vulnerability remains.
posted by Malor on Aug 29, 2012