Thursday, September 6, 2012

Java Vulnerability is for the Web Client Variety, not Server-Side

A Java security hole is something to be taken seriously. But, as usual, clarity is important: the Java vulnerability affects users of Internet Explorer, Mozilla Firefox and Safari, that is, Java on the web client. Exploit code targeting it was tested on Windows XP, Windows Vista and Windows 7 as well as Ubuntu Linux 10.04 and Mac OS X 10.7.4.

The ComputerWorld article is breathless in its admonishment of Oracle:

For businesses that absolutely must use Java, he recommended that users "do not access untrusted Web content with Java enabled," and also that they use Web browser extensions such as NoScript for Firefox, which can "implement whitelisting of websites that can run scripts and access Java," meaning that only sites explicitly granted the use of Java will be allowed to run it. Finally, he said, "think of Java 6 as an alternative."

Download the patch from Oracle here. But if you are an enterprise user of J2EE technology, review the information carefully, as server-side JVM exploitation is a horse of a different color.

- Posted by Tom/Bluedog
