The Latest in IT Security

Protecting yourself from CVE-2012-4681 Java exploits

30 Aug 2012

As we’ve discussed in previous posts, we are seeing more malware abusing Java issues, including CVE-2012-4681. Currently this vulnerability is a 0-day, and to date there is no patch available from the vendor. JRE (Java Runtime Environment) 7 is known to be vulnerable to this sandbox-breach issue, while JRE 6 is not. We’ve already talked about increasing your protection from Java malware in general, whether by confirming that your Java installation is up to date or, if you so choose, by disabling the Java plug-in for your browser. In the case of malware exploiting CVE-2012-4681, updating to the latest version doesn’t increase one’s protection from the issue.

If, after evaluating the available information on current threats, you decide that disabling the Java web plug-in is the right choice for you, we have step-by-step instructions for doing so in Knowledge Base article 2751647. Note that because Java can be invoked in two different ways by Internet Explorer, the KB article includes two sets of instructions – one for the applet object and one for the Java Virtual Machine object. Customers looking to fully disable the plug-in should configure both security controls. If you prefer to undertake these changes by running a script, we’ve written one that encompasses both sets of steps, and that is available here.

Update 08/30/2012 PST: Java released an update that addresses the vulnerability discussed here; you can download the update from here.

It may be necessary to remove older versions of Java that are still present. Keeping old and insecure versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the advice here.

Jeong Wook (Matt) Oh
MMPC
