Zero-day Exploit in Java – Alarmist Mentality?

You’ve likely heard about the zero day exploit in Java 7, if not you can read about it, here, here, and here.

Oracle has released a patch, but Genuitec along with other experts believe this is only a temporary solution. Here’s the patch (Java SE Runtime Environment 7u11).

Now, let’s take a step back and look at what is really going on since there is a lot of confusion right now. Java installed on the end-user operating system is fine – it is only the Java plug-in itself. Java in the data center is fine too, not to mention heavily used. Our Secure Delivery Center allows automatic software delivery with fallback to non-Java plugin based usage if plugin is disabled — it already plays nice and keeps working.

We do recommend disabling the Java plug-in via the well written instructions at NakedSecurity (Sophos), you can find it here. Understand, it’s not the end of the world and in most cases you’ll be fine, but do yourself a favor and disable the Java plug-in until Oracle comes up with a fix more proven than its current quick patch. If however you must use the Java plug-in for you development, make sure to update today following instructions here.

Tags: Genuitec, Java, Java 7, oracle, Secure Delivery Center, security patch

This entry was posted on Monday, January 14th, 2013 at 11:37 am and is filed under General, Genuitec, Java, Secure Delivery Center. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.