US-CERT warns users to disable Java in web browsers, Apple# Java - 爪哇娇娃
r*y
1 楼
http://www.engadget.com/2013/01/12/us-cert-java-security-warnin
It's far from the first time that computer users have been warned to disable
Java, but this latest security issue has risen to some high levels at a par
ticularly rapid pace. After first being reported by security researchers on
Thursday, the United States Computer Emergency Readiness Team (or US-CERT, a
part of the Homeland Security department) stepped in with a warning of its
own on Friday, which bluntly suggested that all computer users should disabl
e Java in their web browsers (for its part, Oracle says that a fix is coming
"shortly"). The flaw itself is a vulnerability in the Java Security Manager
, which an attacker could exploit to run code on a user's computer.
Not content to wait for a fix, some companies have already taken steps to bl
ock possible exploits. That includes Apple, which has added recent versions
of Java to its blacklist covering all OS X users, and Mozilla, which has ena
bled its "Click To Play" functionality in Firefox for all recent versions of
Java across all platforms (it was previously only enabled by default for ol
der versions of Java). Apple's move follows an earlier decision to remove th
e Java plug-in from browsers in OS X 10.7 and up last fall. You can find the
full alert issued by US-CERT and additional details on the vulnerability at
the links below.
It's far from the first time that computer users have been warned to disable
Java, but this latest security issue has risen to some high levels at a par
ticularly rapid pace. After first being reported by security researchers on
Thursday, the United States Computer Emergency Readiness Team (or US-CERT, a
part of the Homeland Security department) stepped in with a warning of its
own on Friday, which bluntly suggested that all computer users should disabl
e Java in their web browsers (for its part, Oracle says that a fix is coming
"shortly"). The flaw itself is a vulnerability in the Java Security Manager
, which an attacker could exploit to run code on a user's computer.
Not content to wait for a fix, some companies have already taken steps to bl
ock possible exploits. That includes Apple, which has added recent versions
of Java to its blacklist covering all OS X users, and Mozilla, which has ena
bled its "Click To Play" functionality in Firefox for all recent versions of
Java across all platforms (it was previously only enabled by default for ol
der versions of Java). Apple's move follows an earlier decision to remove th
e Java plug-in from browsers in OS X 10.7 and up last fall. You can find the
full alert issued by US-CERT and additional details on the vulnerability at
the links below.