Welcome to WebmasterWorld Guest from

Forum Moderators: phranque

Message Too Old, No Replies

Java vulnerability, update soonest

cross platform exploit

12:32 am on Dec 3, 2011 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
votes: 523

Security community Metasploit took a recent look at this vulnerability, and found that the exploit, described as "a big one," is run completely and successfully on all systems running Java prior to version 1.6.0_29-b11, including Windows XP, Windows 7, Ubuntu Linux, and Apple's OS X.

On all platforms, only Google's Chrome browser gave any notification that a Java applet was running; other browsers like Safari, Internet Explorer, and Firefox gave no indication at all. Regardless of this difference, the malicious applet ran easily and successfully in all browsers.

According to Krebs on Security, the exploit "should not be taken lightly by any computer user," since Java is installed on more than 3 billion computing devices worldwide. Krebs cites Microsoft's Tim Rains as mentioning that Java-based exploits were the most common ones seen on computer systems in the first half of 2011, suggesting that hackers would be eager to get their hands on this current exploit.