Hi, does anyone know if the IcedTea plugin is also affected? (IcedTea is a Java implementation that is not provided by Oracle.)
rgds,
reinier

On Monday 14 January 2013 07:39:13 Kiggundu Mukasa wrote:
> Feds issue warning on Java security
> By Tal Kopan - 1/12/13 @ 12:50 PM ET
>
> The U.S. Department of Homeland Security is recommending that Internet users disable Java in their Web browsers after pinpointing vulnerability in the Oracle software.
>
> According to a Thursday afternoon post on the U.S. Computer Emergency Readiness Team’s website, Java 7 Update 10 and earlier could allow a remote user to “execute arbitrary code on vulnerable systems,” putting it at risk for malware. A cyberattacker could exploit the risk to either direct a user to visit a website that would download malicious software to their computer or to access a legitimate website and compromise it with a malicious applet (a “drive-by download”), CERT said.
>
> The vulnerability is already being exploited, according to the post, and is reportedly being incorporated into publicly available exploit kits.
>
> Oracle declined to comment on the warning.
>
> CERT vulnerability analyst Will Dormann says the flaw could affect all of Java’s users, which, according to Oracle, reaches 1.1 billion.
>
> “Some users may be running Java 6, which is unaffected by this vulnerability. However, Oracle has reported that it will be automatically updating Java 6 users to Java 7, starting in December 2012. So before long, that would mean that 1.1 billion desktop systems could be vulnerable, assuming that Oracle's numbers are correct,” Dormann said in an email to POLITICO.
>
> Dormann said making matters worse is the fact that the vulnerability is true for most operating systems, including Windows, OS X and Linux, and browser-level protections will not work against it.
>
> “When you combine these aspects together, you get a very attractive target for an attacker,” he said.
>
> CERT says it recommends disabling Java altogether, as it is unaware of a solution to the issue.
>
> The agency credited user Kafeine on the blog “Malware don’t need Coffee” for pointing out the flaw.
>
> This article first appeared on POLITICO Pro at 2:06 p.m. on January 11, 2013.

--
rgds,

Reinier Battenberg
Director
Mountbatten Ltd.
www.mountbatten.net

tel: +256 758 801749
twitter: @batje
