A New Serious Java Exploit Discovered That Effects All Mac OS X And Windows Versions
The folks over at ComputerWorld point our attention to a serious Java zero-day exploit that was recently discovered by Adam Gowdiak, the CEO of a Polish security firm. Apparently this Java exploit can actually be leveraged to hijack a machine with Java and install malware. All modern version of Java are effected by this bug including Java 5, Java 6 and Java 7.
When Gowdiak was reached for comment about this Java flaw he stated the following:
The potential impact is bigger when it comes to the number of Java desktops. The vulnerability affects up-to-date installs of Java 5, 6 and 7. We even tested the developer preview of Java 7 Update 10, a build from Sept. 20, 2012, [and] verified it was also vulnerable.
Although this is without a doubt scary to think that all systems with Java are currently vulnerable to this attack, Gowdiak has said himself that he is “not aware of any active attacks that would exploit this vulnerability.” That is not to say that there will not be though in the near future.
Oracle’s next scheduled Java update is October 16th, so this means users will have to sit tight and be careful until a patch it released. Of course you can always disable Java in major browsers by following instructions found on the US-CERT (United States Computer Emergency Readiness Team) website.