US-CERT warns users to disable Java in web browsers, Apple# Security - 系统安全
r*y
1 楼
【 以下文字转载自 Java 讨论区 】
发信人: rodney (√), 信区: Java
标 题: US-CERT warns users to disable Java in web browsers, Apple
发信站: BBS 未名空间站 (Sat Jan 12 16:12:04 2013, 美东)
http://www.engadget.com/2013/01/12/us-cert-java-security-warnin
It's far from the first time that computer users have been warned to disable
Java, but this latest security issue has risen to some high levels at a par
ticularly rapid pace. After first being reported by security researchers on
Thursday, the United States Computer Emergency Readiness Team (or US-CERT, a
part of the Homeland Security department) stepped in with a warning of its
own on Friday, which bluntly suggested that all computer users should disabl
e Java in their web browsers (for its part, Oracle says that a fix is coming
"shortly"). The flaw itself is a vulnerability in the Java Security Manager
, which an attacker could exploit to run code on a user's computer.
Not content to wait for a fix, some companies have already taken steps to bl
ock possible exploits. That includes Apple, which has added recent versions
of Java to its blacklist covering all OS X users, and Mozilla, which has ena
bled its "Click To Play" functionality in Firefox for all recent versions of
Java across all platforms (it was previously only enabled by default for ol
der versions of Java). Apple's move follows an earlier decision to remove th
e Java plug-in from browsers in OS X 10.7 and up last fall. You can find the
full alert issued by US-CERT and additional details on the vulnerability at
the links below.
发信人: rodney (√), 信区: Java
标 题: US-CERT warns users to disable Java in web browsers, Apple
发信站: BBS 未名空间站 (Sat Jan 12 16:12:04 2013, 美东)
http://www.engadget.com/2013/01/12/us-cert-java-security-warnin
It's far from the first time that computer users have been warned to disable
Java, but this latest security issue has risen to some high levels at a par
ticularly rapid pace. After first being reported by security researchers on
Thursday, the United States Computer Emergency Readiness Team (or US-CERT, a
part of the Homeland Security department) stepped in with a warning of its
own on Friday, which bluntly suggested that all computer users should disabl
e Java in their web browsers (for its part, Oracle says that a fix is coming
"shortly"). The flaw itself is a vulnerability in the Java Security Manager
, which an attacker could exploit to run code on a user's computer.
Not content to wait for a fix, some companies have already taken steps to bl
ock possible exploits. That includes Apple, which has added recent versions
of Java to its blacklist covering all OS X users, and Mozilla, which has ena
bled its "Click To Play" functionality in Firefox for all recent versions of
Java across all platforms (it was previously only enabled by default for ol
der versions of Java). Apple's move follows an earlier decision to remove th
e Java plug-in from browsers in OS X 10.7 and up last fall. You can find the
full alert issued by US-CERT and additional details on the vulnerability at
the links below.