Java Update/Security Reminder
- Thread starter Sin_Chase
- Start date
You know when you un-installed version 6 the cache didn't get deleted? You'll find it in AppData > LocalLow > Sun > Java > Deployment > cache. Av is moaning about it
I manually did a cache clear
Exploit for Java 7 Update 6 is in the wild.
https://community.rapid7.com/commun...8/27/lets-start-the-week-with-a-new-java-0day
http://pastie.org/4594319
https://community.rapid7.com/commun...8/27/lets-start-the-week-with-a-new-java-0day
http://pastie.org/4594319
As mentioned above, don't install java. Most people don't really need it. Though as I play minecraft, I do keep it installed and up to date, but keep any browser plugins disabled to remove any risk. Not an ideal system, but java being needed in the browser hasn't really been a thing for a few years, and with the dawn of html5 hopefully it will completely fall out of use.
Just check https://www.mozilla.org/en-US/plugincheck/ regularly if you have Firefox, simples.
Heres a site to see if your Javas vulnerable http://zulu.zscaler.com/research/java_version.html
My advice would be to disable it and then worry about what breaks retrospectively. Apple have a good system regarding Java - if you don't use the plugin for a while it gets "put to sleep" so you have to manually reenable it again if needed.
And it looks like Oracle aren't going to patch this until October. It's like a hacker Christmas come early.
And it looks like Oracle aren't going to patch this until October. It's like a hacker Christmas come early.
Java used to check for updates once a month, now it's once a week. It can take them closet to three months release a patch for know exploits - why do people expect anything more than utterly insecure from a company operating such an update policy?
Flash may have issues but the default update check these days os set to run every hour. By comparison, from a security perspective, java is a bad joke. It's free and you still shouldn't install it unless you absolutely need it. You literally couldn't pay someone to install it who was security orientated.
Unfortunately too many places require it. Best thing most people can do it disable auto run in their browser and set it to prompt. Mozilla has repeatedly disabled the java plug-in over the years on security grounds, oracle just does not learn.
Flash may have issues but the default update check these days os set to run every hour. By comparison, from a security perspective, java is a bad joke. It's free and you still shouldn't install it unless you absolutely need it. You literally couldn't pay someone to install it who was security orientated.
Unfortunately too many places require it. Best thing most people can do it disable auto run in their browser and set it to prompt. Mozilla has repeatedly disabled the java plug-in over the years on security grounds, oracle just does not learn.
Oh it's you again.
My point was just a friendly reminder that there is more than one way to check for updates.
What exactly is your point
Last edited:
A misleading plug-in checker isn't helpful. Firefox needs to copy Chrome again, just like they did with the interactive plug-in mode.
https://support.google.com/chrome/bin/answer.py?hl=en&answer=1247383&p=ib_blocked_plugin
Associate
- Joined
- 17 Dec 2008
- Posts
- 671
Update 7 is out now?
Java 7 Update 7 critical vulnerability discovered in less than 24 hours
https://isc.sans.edu/diary.html?storyid=14017&rss
https://isc.sans.edu/diary.html?storyid=14017&rss
http://arstechnica.com/security/201...w-allows-complete-bypass-of-security-sandbox/
Mess with Java/get burned
Mess with Java/get burned
Java 7 Update 9 is out. https://blogs.oracle.com/security/entry/october_2012_critical_patch_update