Mozilla announced today that, similar to Chrome, Firefox will be blocking plugins by default in a fu

Mozilla announced today that, similar to Chrome, Firefox will be blocking plugins by default in a future version of the browser. However, most plugins will be available through a “click to allow” feature, at least for the time being. Flash will still be enabled by default. You can read more here.


Java users beware: Exploit circulating for just-patched critical flaw

If you haven’t installed last week’s patch from Oracle that plugs dozens of critical holes in its Java software framework, now would be a good time. As in immediately. As in, really, right now. In the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 was folded into either the RedKit or CrimeBoss exploit kit. By Sunday, that attack code was being actively unleashed on unsuspecting end users, according to a short blog post published by a researcher from antivirus provider F-Secure. The post doesn’t say where the attacks were being hosted or precisely how attackers are using them. Still, Oracle describes the vulnerability as allowing remote code execution without authentication. And that means you should install the patch before you do anything else today. Malware purveyors’ track record of abusing advertising networks, compromised Apache servers, and other legitimate enterprises means readers could encounter attacks even when they’re browsing a site they know and trust.


New security protection, fixes for 39 exploitable bugs coming to Java

Image caption: A dialog box presented by Java when it encounters an application that isn’t signed by a digital certificate. (Java.com)

Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers. The update scheduled for Tuesday comes as the security of Java is reaching near-crisis levels. Throughout the past year, a series of attacks hosted on popular websites has been used to surreptitiously install malware on unwitting users’ machines. The security flaws have been used to infect employees of Facebook and Apple in targeted attacks intended to penetrate those companies. The vulnerabilities have also been exploited to hijack computers of home and business users. More than once, attackers have exploited one previously undocumented bug within days or weeks of patching a previous “zero-day,” as such vulnerabilities are known, creating a string of attacks on the latest version of the widely used plugin. In all, Java 7 Update 21 will fix at least 42 security bugs, Oracle said in a pre-release announcement. The post went on to say that “39 of those vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.” The advisory didn’t specify or describe the holes that will be patched. Security Explorations, a Poland-based security company that has discovered dozens of “security issues” in Java, has a running list of them here.


Apple Angers Mac Users With Silent Shutdown of Java 7

An anonymous reader writes in with news of the continuing saga of Java patches and exploits. “If you’re a Mac user who suddenly can’t access websites or run applications that rely on Java, you’re not alone. For the second time in a month, Apple has silently blocked the latest version of Java 7 from running on OS X 10.6 Snow Leopard or higher via its XProtect anti-malware tool. Apple hasn’t issued any official statements advising users of the change or its reasons, but it’s a safe bet that the company has deemed Oracle’s most recent update to Java insecure. That’s why the company stealthily disabled Java on Macs back on Jan. 10, the same day a Java vulnerability was being exploited in the wild.” Read more of this story at Slashdot.


Oracle patches Java exploits, toughens its default security levels

Oracle hasn’t had a great start to 2013. It’s barely into the new year, and Apple and Mozilla are already putting up roadblocks to some Java versions after discoveries of significant browser-based exploits. The company has been quick to respond, however, and already has a patched-up version ready to go. The Java update goes one step further to minimize repeat incidents, as well — it makes the “high” setting the default and asks permission before it launches any applet that wasn’t officially signed. If you’ve been skittish about running a Java plugin ever since the latest exploits became public, hit the source to (potentially) calm your nerves. [Thanks, Trevor] Via: Reuters. Source: Oracle.


Even The Department Of Homeland Security Wants You To Disable Your Java

We’ve been concerned about the security of Java for a while now. There was that vulnerability that affected like a billion computers, and Apple went so far as to remove Java plugins from all OS X browsers. Now even the Department of Homeland Security is in on the act with a special message: “Yo, shut off that Java jazz”.
