Zero-day Exploit in Java – Alarmist Mentality?
You’ve likely heard about the zero-day exploit in Java 7; if not, you can read about it here, here, and here.
Oracle has released a patch, but Genuitec, along with other experts, believes this is only a temporary solution. Here’s the patch (Java SE Runtime Environment 7u11).
Now, let’s take a step back and look at what is really going on, since there is a lot of confusion right now. Java installed on the end-user operating system is fine: the problem is only with the Java plug-in itself. Java in the data center is fine too, not to mention heavily used. Our Secure Delivery Center allows automatic software delivery with fallback to non-Java-plug-in-based usage if the plug-in is disabled, so it already plays nice and keeps working.
We do recommend disabling the Java plug-in via the well-written instructions at NakedSecurity (Sophos); you can find them here. Understand, it’s not the end of the world and in most cases you’ll be fine, but do yourself a favor and disable the Java plug-in until Oracle comes up with a fix more proven than its current quick patch. If, however, you must use the Java plug-in for your development, make sure to update today following the instructions here.