Comments on: Zero-Day Java Exploit Debuts in Crimeware

By: Rabid Howler Monkey

Rabid Howler Monkey — Sun, 20 Jan 2013 16:40:47 +0000

More on portable apps (mentioned immediately above by Zsolt Sandor, thx Zsolt) and Java. For those that need access to Java applets served on important web sites and/or Java-based applications, portable apps might be a solution for some users. In fact, one might be able to go Java free on their PC.

The Firefox portable app:

http://portableapps.com/apps/internet/firefox_portable

The portable Java Runtime Environment, jPortable:

http://portableapps.com/apps/utilities/java_portable

When you need to access a web site serving Java applets, just plug-in the USB stick with your portable apps and do your browsing. When finished, safely remove the USB stick from the PC. And be sure to keep your portable browser and Java up-to-date.

In addition, all or, perhaps, some of one’s Java-based apps (read JAR files) might also be placed on the USB stick and run via the Java portable launcher (it works with jPortable, above):

http://portableapps.com/apps/utilities/java_portable_launcher

By: Zsolt Sandor

Zsolt Sandor — Wed, 16 Jan 2013 17:37:21 +0000

The bug is in the runtime library of Oracle’s Java, but it only means, that the cracker can run a program as a normal user (the user in it’s name the browser was started). It is also unlike that a hacker cares about linux, the target platforms are mostly windows. But, it does not mean your are invulnerable, only that most likely you won’t have a problem. I suggest however to switch off java in your browser, and if a page requires java (banking operations, etc.) use a separate browser only for that purpose.

By: Zsolt Sandor

Zsolt Sandor — Wed, 16 Jan 2013 17:33:14 +0000

A solution to this problem is to install a portable firefox/chrome/etc. on your computer, where you have enabled java, and use this portable browser for accessing pages, which require java (government portal, banking).

Disable java in the browser you use for regular surfing.

Not very elegant way, but at least a safe one.

By: JCitizen

JCitizen — Tue, 15 Jan 2013 05:18:21 +0000

I’m just guessing, but I would speculate that even if the malware could compromise your browser, they wouldn’t be able to do anything with it. I’ve tested some zero day threats that are supposed to work on Mac, only to find they can’t run on RISC architecture. In fact I’ve had some clients who were under attack by what was obviously concerted efforts by corporate espionage groups, who switched to old PowerPCs and have been able to run again. This doesn’t guarantee they aren’t still under surveillance, but at least they can operate their business.

When you have the big guns after you, that can take over a new Mac Air with your cell phone! I assume using bluetooth. You know you are a target of interest!

By: WD

WD — Mon, 14 Jan 2013 19:36:08 +0000

Redhat has confirmed that OpenJDK is affected. Part of the confusion of whether or not it was affected are because 1) The exploit takes advantage of more than one weakness in Java to achieve code execution. 2) The PoC sample is crafted to work with Oracle Java, but the fact that it doesn’t work with OpenJDK doesn’t mean that OpenJDK isn’t vulnerable.
https://bugzilla.redhat.com/show_bug.cgi?id=894172

By: StevenHB

StevenHB — Mon, 14 Jan 2013 18:03:26 +0000

As they say, absence of evidence isn’t the same as evidence of absence.

By: godivademaus

godivademaus — Mon, 14 Jan 2013 16:51:44 +0000

I am running on a mac 10.5.8 Leopard, on a powerPC, which means that a) I cannot update beyond this operating system because subsequent OS upgrades will not work on my powerPC chipset.

Also, Adobe, and other software and utility developers have ceased to include my OS and my chipset among their included upgrades, therefore I only have java 6 and is not included among the automatic upgrades.

So, can I assume from this that my machine would not be impacted from this recently discovered flaw in the Java SE 7?

By: JCitizen

JCitizen — Mon, 14 Jan 2013 02:58:27 +0000

Maybe:

But from everything I read on many tech sites everywhere; Java and Adobe are the TOP vectors for criminals bent on pwning your stuff!

By: JCitizen

JCitizen — Mon, 14 Jan 2013 02:54:18 +0000

Good to hear Greg – I wonder if Revo Uninstaller may help if it happens again?

By: JCitizen

JCitizen — Mon, 14 Jan 2013 02:52:22 +0000

Good thing the update is out now js; and you won’t have to worry – for a while – anyway. *