Most people are conditioned to click through warning messages and may not get the protect they need against drive-by attacks. The problem is you need to be informed and know enough to choose the right option. The advantage to this approach is that you are prompted every time a website wants to launch a Java applet and you can make an informed decision as to whether you truly need that applet. This can be a double-edged sword when it comes to known vulnerable plugins. In Mozilla’s announcement they explain that plugins on the blocklist are forced into utilizing Firefox’s Click to Play functionality. Mozilla has added all current releases of Java to its add-on blocklist. Mozilla is no slouch when it comes to security and has implemented an almost identical procedure. The result? Over 600,000 Macs were infected with malware in the interim. CVE-2012-0507 was fixed by Oracle in February, but Apple didn’t make the patch available until April. It appears that Apple has learned an important lesson from this time last year. While the reports have been stating the issue is with Java 7, there are reports from researchers that Java versions 1.4 and higher are all vulnerable to this flaw. Instead of identifying a new virus, this updated definition temporarily disabled the Java Web Start browser plugin that enables Java applications to run inside of Safari/Firefox/Chrome. This afternoon, Friday January 11th here on the North American West coast, Apple released an updated malware definition list for their XProtect pseudo-antivirus protection in OS X Snow Leopard and newer. As if advice from SophosLabs own Fraser Howard and the US Department of Homeland Security are not enough reason to ditch Java, Apple and Mozilla have both decided to join the party.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |