Top Nav

Shutdown Your Java Before You Get Infected – Java Zero Day Exploit Hit Today

Recently a new Java exploit that infects systems through the internet browser plugin has made systems across the globe vulnerable to infection. The exploit affects anyone running the 1.7 Java Runtime  Environment or later. Earlier version 1.6 are safe, for now. You’re also safe using Java-based desktop applications that are not designed to browse the web. Currently only Windows computers are at risk, but it could easily migrate to Mac or Linux by the time Oracle releases a security patch.

According to theregister.co.uk the vulnerability infects systems when a web browser with a Java plugin enabled visits a webpage hosting the exploit. The attacking website will trick the browser into downloading nearly any type of 3rd party software in the background without notice. This includes viruses, malware, spyware, trojans, or other malicious packages. Under normal circumstances, Oracle only patches Java three times a year, and the next update is due October 16, 2012. So unless Oracle breaks its update habit and release an early fix, the only thing you can do to protect yourself in the meantime is disable Java on all of your web browsers. Here’s how:

How to Disable Java in the top 3 web browsers

Chrome

  1. Open Google Chrome and type chrome://plugins into the address bar.
  2. Scroll down the list and then click the Disable button.
    Java should now be disabled in Chrome.

disable java in chrome

Firefox

  1. Open Firefox and click the Firefox button then select Add-ons.
  2. In the Add-ons Manager click the Plugins tab and then click Disable for the two Java items in the list.
    Java in Firefox should now be disabled.

firefox add-onsdisable java in firefox

Internet Explorer

  1. Disable Windows UAC (unfortunately Oracle never solved compatibility issues…)
  2. Open the Control Panel, then the Java applet from the control panel. In order to see this window you may need to change the View to Large icons (button at the top-right)
  3. In the Java applet click the Advanced tab.
  4. Click the Microsoft Internet Explorer checkbox. It is grayed out by default, because Oracle devs are jerks. Just select it and push the spacebar to sneakily get around that.
  5. Click OK to save changes. Restart the computer and make sure Java is disabled.
  6. Re-enable UAC.

control panel start menujava control panel

advanced java optionsdisable internet explorer java

Keep in mind that Java and JavaScript are not the same thing. JavaScript is still secure, only Java needs to be disabled.

,

3 Responses to Shutdown Your Java Before You Get Infected – Java Zero Day Exploit Hit Today

  1. Bogdan Bele August 28, 2012 at 11:29 pm #

    Thanks for the tip! I did it, just in case.
    I remember a friend telling me that Java is the first thing to get rid of, on any computer. 🙂

  2. Jamr August 29, 2012 at 10:58 am #

    None of the current Java version numbers (including your image) match what you are typing about at the top of this article.

    • Austin Krause August 29, 2012 at 12:12 pm #

      Hi Jamr,

      The plugin versions will display a different build number than the current runtime environment installed on the computer. To check the current version on your computer follow up to Step 2 for the Internet Explorer instructions but then check the About button under the General Tab. It should look like this: http://i.imgur.com/fjzAe.png

      Thanks for the question and welcome to groovy!

Leave a Reply