Yet another security issue with applets

Just got an email at work about this one. It’s the first they’ve ever sent out a mass-distribution email about a Java security problem. Amazingly, they did not tell us to disable Java in our browsers, but rather to just not install new stuff from the web, and not visit web sites we did not already know and trust.

And Oracle has surprisingly released an update to fix the above.

Java 7 update 7.

To think how much bad publicity and uncertainty they could have saved themselves, if only they had made an announcement earlier that they were in the process of rushing out an update. :)

That’s terrible advice. No one can possibly know what sites can actually be “trusted” and you still have to worry about ads and invisible third party code.

Yep. Working at a large software company, you’d think we’d know better.

Assuming that level of competence, you probably have a huge list of addresses in the CC field. Why not send your personal warning+advice to your coworkers? (Remember to spoof both the MAIL FROM and From: SMTP fields.)

Eh oh, another zero-day remotely executable flaw discovered on the latest Java 7 update 7.

Oh and yet another http://arstechnica.com/security/2012/09/yet-another-java-flaw-allows-complete-bypass-of-security-sandbox/

For the average user (the kind that visits any website it can find and would get viruses within a day if it wasn’t for the virus scanner) it’s probably good advice to disable Java in the browser.
Sadly, Oracle seems to be perfectly happy with that.

Woo Click-to-Play on plugins ;D One of the features I love in Google Chrome.

Now if Chrome would only get something like NoScript – all the existing implementations are toys, have dreadful UIs, and are trivial to defeat. And while I’m wishing, I’d just squeal like a schoolgirl if any browser on Android grew usable NoScript support. There was the start of a port for Firefox mobile, but it seems to have gone nowhere.