[LINK] FYI: Java 7 u11 released, plugs browser plugin holes, prevents zero-click attacks using unsigned or self-signed applets
Fernando Cassia
fcassia at gmail.com
Mon Jan 14 16:39:09 AEDT 2013
FYI...
JRE / JDK 7 update 11 were released on Saturday.
JRE 7u11
http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
JDK 7u11
http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
it fixes the security holes in the browser plug-in component, widely
reported on the IT and mainstream press last Thursday-Friday, many of
which included the usual misinformation-FUD recommending to "uninstall
Java" (the whole JVM) instead of just disabling the browser plug-in.
In the release notes, ORCL says it has made the browser plug-in NOT
RUN by default any UNSIGNED or "Self-signed" applets without user
confirmation. This effectively should make "zero click surface"
attacks not possible anymore.
Firefox 18 also added a feature asking users to confirm before running
any plug-in content on each web page or a per-page basis. Thus
creating a double-confirmation to run unsigned or self-signed applets.
FC
--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un
Acto Revolucionario
- George Orwell
--
During times of Universal Deceit, telling the truth becomes a revolutionary act
Durante épocas de Engaño Universal, decir la verdad se convierte en un
Acto Revolucionario
- George Orwell
More information about the Link
mailing list