Thursday, January 10, 2013

Another Day, Another Java-In-The-Browser security hole

This one affects even fully patched, up to date browsers.
It works like so:

  1. use any browser with Java enabled
  2. visit a page
  3. owner of page can now execute arbitrary code on your computer

I love Java, but damn if it doesn't suck in the browser. This is just the latest. If you still have it enabled in your browser, now is the time to disable it.

Do it now.

By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.

