I see some official word:
"Oracle is aware of a flaw in Java software integrated with web browsers. The flaw is limited to JDK7. It does not exist in other releases of Java, and does not affect Java applications directly installed and running on servers, desktops, laptops, and other devices. A fix will be available shortly."
They don't sound too terribly concerned!
I don't remember a mere 'security vulnerability' making it on the evening news on at least two stations, nor do I remember Homeland Security ever mentioning one.
My fear is that Monday AM I am going to get a LOT of scared customer calls asking what to do.... and I don't have an answer.
It sickens me to be thinking about switching to a temporary Flash solution.
You tell them Oracle said a fix will be available shortly. Much more shortly than anything you can develop as a workaround, especially since you don't know what it is you're working around.
And keep up with the news, and not just via Twitter.
You can have your customers set the security settings in Java Control Panel to High or Very High.
Look on YouTube and you can find demonstrations of the simplicity required to exploit this vulnerability in Java 7 Update 10. Basically remotely gain a terminal command line session into the user's machine.
Oracle has been aware of this bug since August / Sept 2012 but has elected to ignore it.
gimbal2 wrote: Since the previous poster mentioned that they might have to switch to Flash I would suspect that they did implement something in applets.
Oracle is the clever one there. All this hype about security risks, when was the last time you just -had- to run a Java applet in any kind of browser environment anyway? It's a slumbering side of the technology.
This link states: "To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages these vulnerabilities."
That doesn't sound like someone can hijack your own Applet. Am I missing something?