Warnings | Patch from Oracle | Mac OS X | Disabling Java in browsers
There was a rash of posts Friday Jan. 11, 2013 about a Java Runtime Environment (JRE) vulnerability following the CERT (Computer Emergency Readiness Team) announcement.
These only affect the java plugin running in browsers.
Oracle's Java 7, ALL versions (v1.7 update 10, aka 7u10, on down), is the affected version. It is being exploited in-the-wild on Linux, Windows and UNIX.
Anti-virus, anti-malware programs that everyone should have on their
computer, usually handle most risks, so circulating warning emails is
usually unnecessary. The exploit has been described by Sophos as a zero-day attack since it has been found being actively used in malware before developers have had a chance to investigate and patch it.
The malware has currently been seen attacking Windows, Linux and Unix systems, and while so far has not focused on Mac OS X, may be able to do so given OS X is largely similar to Unix and Java is cross-platform.
Jan., 11, 2013 Jan., 11, 2013 The Department of Homeland Security's United States Computer Emergency Readiness Team (US-CERT) has issued an alert that an unspecified vulnerability in Java can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability affects Java 7 Update 10 and earlier versions. US-CERT reports it is currently unaware of a practical solution to this problem. It recommends working around the flaw by disabling Java in web browsers. The Oracle Java Runtime Environment (JRE) 1.7 enables users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems. See major-vulnerability-found-in-java | www.securityinfowatch.com
Disable Java runtime
Jan. 13, 2013 - Oracle Security Alert for CVE-2013-0422
The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
Instructions for Mac OS X suspect code is at "/System/Library/Java/JavaVirtualMachines/1.7.0.jdk" All I had on OS X 10.8.2 (Mountain Lion) was 1.6.0.jdk Get info said it was version 14.5.0 which, "Displays Java applet content, or a placeholder if Java is not installed." Apple has acted proactively to block the Java browser plug-in on Mac machines with OS X 10.6 Snow Leopard or higher. Is your Mac at risk? Maybe. It is possible that your Mac does not even have Java installed. Apple stopped including Java by default with Lion. However, if you have run into any websites or software that needs Java, it may have prompted you to install it. If you disable Java in whichever browser(s) you use regularly, you can continue to use your web browser without worrying about this exploit. If you find a website that uses Java, you can turn it on, do what you need to do, and then turn it off again. See a-reasonable-response-to-java-security-problems/ | www.tuaw.com You can remove it or disable it. Disable Java in Mac OS X browsers: Disable it with Java Preferences utility from the terminal app. sudo /usr/libexec/java_home Password: Disable java in Safari Safari > Preferences > Security Un-check "Enable java" Disable java in Google Chrome Chrome > Preferences > Settings > Show Advanced Settings ... (at the bottom) Click "Content Settings" under Privacy Click "Disable Individual Plug-ins" under Plug-ins Disable Java in Firefox 17 Tools > Add-ons > Plugins Java Applet Plug-inAll I had there was Java 14.5.0 which says it "Displays Java applet content, or a placeholder if Java is not installed." This is not the suspect code. There was another java vulnerability in update 6 (7u6) in August. Aug 27,2012 David Maynor, CTO of Errata Security, confirmed that the Metasploit exploit -- which was published less than 24 hours after the bug was found -- is effective against Java 7 installed on OS X Mountain Lion.
Although the exploits now circulating in the wild have been aimed only at Windows users, it's possible that Macs could also be targeted. Return to Virus, Spyware and Security
|