On 01/13/2013 08:35 AM, James Knott wrote:
Jay Lozier wrote:
Yes, all OS's are affected because Java is cross platform. I am not
sure if any of the previous version are affected or if only the
current release is affected.
The primary concern is Java applets run by your browser. The
vulnerability allows a zero-day browser exploit that as yet is not
patched by Oracle. The primary concerns I have heard of are
installation of keyloggers and installation of ransomware. I would
assume the malware will use the JVM to run and would be cross
platform. AFAIK, Oracle has not yet announced when a patch will be
available.
As I mentioned in another note, I'm running OpenJDK, not Oracle Java.
So the question becomes is it a problem in general with Java or just
Oracle's.
The warnings were specific to Oracle's implementation not any other
version. I do not know if this a simplification by the writers/editors
or if only Oracle's implementation is affected. Being cautious, I would
assume if an implementation is not specifically cleared I assume it is
also vulnerable. Apparently this vulnerability can lead to some very
nasty malware exploiting the system.
To be safe I would disable Java (not JavaScript) in all web browsers
until patches are issued. From what I understand disabling Java will
have a minimal impact for most users on the Web.
--
Jay Lozier
[email protected]
--
For unsubscribe instructions e-mail to: [email protected]
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
