How to avoid the latest Java 0-day vulnerability

Java software has always been extremely vulnerable because of its cross-platform nature: an exploit developed for this platform can be used against many kinds of computer systems across diverse computing environments. Now a new 0-day vulnerability is being exploited by attackers, and it is causing mayhem across the computer security world.

What is the vulnerability?
This latest vulnerability (CVE-2012-4681) allows malicious code to be executed on any device that has the Java plug-in enabled in a web browser. For the last few days the exploit has been used in targeted attacks, but it is expected to become more widespread as more attackers get their hands on the exploit kit.

What versions of Java are affected?
This vulnerability affects all systems with Oracle’s Java Runtime Environment (JRE) 1.7 installed, including updates 0 to 6. A machine that has a lower version installed is not vulnerable. Most browsers have Java plug-ins enabled by default, which is what makes the threat a critical one.
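To check a machine against the version range given above, the following added example (not part of the original article) parses the output of `java -version` and applies the article's rule. The function names and the sample banners are constructed for illustration.

```python
import re
import subprocess

# Matches the legacy version string printed by `java -version`,
# e.g. java version "1.7.0_06" or java version "1.6.0_33-b03".
_VERSION_RE = re.compile(r'version "1\.(\d+)\.(\d+)(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major = int(m.group(1))        # the 7 in 1.7.0_06
    update = int(m.group(3) or 0)  # no _NN suffix means update 0
    return major, update


def classify(banner):
    """Apply the article's rule: JRE 1.7 updates 0 to 6 are affected."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major < 7:
        return "not affected"      # lower versions are not vulnerable
    if major == 7 and update <= 6:
        return "affected"
    return "not covered"           # newer than anything the article describes


def installed_java_banner():
    """Run `java -version` (it prints to stderr); None if Java is absent."""
    try:
        out = subprocess.run(["java", "-version"], capture_output=True,
                             text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stderr + out.stdout


# Constructed sample banners, not captured from real machines.
SAMPLES = ['java version "1.7.0_06"', 'java version "1.6.0_33"']

if __name__ == "__main__":
    banner = installed_java_banner()
    print("java not found on PATH" if banner is None else classify(banner))
```

This inspects the `java` binary found on the PATH, which may not be the same JRE that is registered as the browser plug-in, so the browser's plug-in list should still be checked as described below.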

What browsers are vulnerable?
Since this is a cross-platform threat, all popular browsers are at risk. This includes all versions of Internet Explorer, Mozilla Firefox and Opera. Google Chrome running on Windows XP is also at risk, as is Safari running on OS X 10.7.4.

People with Macs should not feel that they are invulnerable, as this threat is similar to the Flashback malware that affected 600,000 Macs recently. That threat also exploited unpatched Java versions, so everyone is at risk here.

What needs to be done?
Oracle only releases updates for Java once every 4 months and very rarely breaks this cycle. As of now, the next update will only be available in October, so it is imperative to take suitable action immediately. The best course of action right now is to disable the Java plug-in in each browser independently or to remove the Java runtime completely. Here is what users of the various browsers can do to disable Java:

 


Google Chrome

  • Click on ‘Settings’ under the Spanner option
  • Click on ‘Show Advanced Settings’
  • Click on ‘Content Settings’ under ‘Privacy’
  • Scroll to ‘Plug-ins’ and click on ‘Disable individual plug-ins’
  • Disable the check box next to Java
  • If you do not see the Java box then Java is not installed on your machine.

Internet Explorer

  • Open Control Panel and launch the Java applet. If you cannot see it, switch to classic view or small icons view.
  • Click on the ‘Advanced’ tab.
  • Expand the term ‘Default Java for browsers’.
  • Uncheck the box next to Internet Explorer.
  • If it does not get unchecked by clicking, select it and press the Space Bar.

Mozilla Firefox

Same process as Internet Explorer. The box that needs to be unchecked is ‘Mozilla family’.

Opera

Type ‘about:config’ in the address bar. Expand the Java section and then disable it from there.

NOTE: Do not confuse ‘Java’ with ‘Javascript’.

Google Chrome and Mozilla Firefox users can also use the click-to-play feature. This feature blocks any plug-in content from playing by default. It is not as effective as disabling the plug-in completely but it may just do the trick.

The Browser Sandbox feature in Quick Heal 2013 automatically protects users from such 0-day threats. In the interim period, users are requested to disable Java plug-ins from their browsers or to uninstall Java altogether.

Rahul Thadani

46 Comments
Dilip
8 years ago

Excellent advice – I have removed the check marks as explained. Thanks.

Ananya
8 years ago

Thank you for the clear instructions. Hope you’ll inform us when the threat passes (if it does??).

govind purohit
8 years ago

Thanks for this, but there is confusion that some banking sites don't run without Java, then what?
Please advise.

Shila
8 years ago

Some secure websites require Java plug-ins to open. How can that be done if Java is disabled? Please advise.

Aniruddha Patankar
8 years ago

Thanx Sir

Dhagash
8 years ago

I tried for Internet Explorer using Control Panel, but was unable to disable the Java plug-in. Please help.

jivan
8 years ago

If Java is not installed, then what to do???

Girijesh
8 years ago

Thank you for the latest info

Anirudh
8 years ago

Thanks a lot, Rahul!
Done as said!!

Nikhil
8 years ago

I did as directed… but still got some issues!! 🙁

VilasRao
8 years ago

I am an infrequent user of the net. Still, I have followed the advice. Is it necessary to reboot the system after this change?

Rahul
8 years ago

I am unable to uncheck the box next to Internet Explorer in the advanced settings of Java in Control Panel. Please tell me if there’s any other way. Does this threat stand if I visit a particular site or all sites with Java enabled?

Apurva
8 years ago

Not able to remove the check box; the system gives a message “Please check if you sufficient permissions to change system settings”. I am using Windows 7 Home Edition. Please suggest what's to be done.

panka kumar sinha
8 years ago

Dear sir,
I have Quick Heal Total Security installed. Is it necessary to disable the Java plug-in?

Guroo
8 years ago

How do I know if the threat has already victimised my browser? I feel it has because I have already lost Google Chrome and it is displaying errors while I try to download and install it. Could you please tell me what symptoms this threat would cause, so that I can be sure what has happened? And I would be highly obliged if you suggest something I can do.

ria
8 years ago

Hi, it’s giving an error of insufficient permission whereas I'm the admin 🙁 Can you help please!

LALIT ADHANA
8 years ago

…….. THANKS FOR THE GIVEN SUGGESTIONS & IF ANY RELATED QUERY SOON INFORM US !!!!!!!! THANKS A LOT FOR INSTRUCTIONS

Yogesh
8 years ago

Thanks for the useful advice. Vulnerability blocked.

rami
8 years ago

Thank you very much, it was very useful information 🙂

george
8 years ago

Thank you so much

George
8 years ago

Perfect

Raveen
8 years ago

Thanks for the help to remove Java.

Nikhil
8 years ago

Thank you for mentioning such an important aspect of “Java 0-day”…………!

Karani
8 years ago

THANKS….

Ejaz
8 years ago

Is there any threat to mobile users? If yes, how can I disable Java on my cellphone running Android OS and Firefox Browser?

Amit Vikram
8 years ago

I have already installed the latest version of Quick Heal 2013 on my PC. Do I need to disable Java plug-ins?

Nadeem Akhtar
8 years ago

I have Quick Heal Total Security installed on my PC (XP). On each page I open I get a message that the site I am visiting is dangerous. What is this and how can I stop it? Even the home page of Google is dangerous!!!

ranjeet kumar
8 years ago

How do I know if the threat has already victimised my browser? I feel it has because I have already lost Google Chrome and it is displaying errors while I try to download and install it. Could you please tell me what symptoms this threat would cause, so that I can be sure what has happened? And I would be highly obliged if you suggest something I can do.

Sameer
8 years ago

Thanks a lot for updating us with this crucial update, since it is the most widely used. Your updates really help me a lot. Also, please keep the weekly update feature on, since it gives a flashback for updated security.

Thanks once again, Rahul.

Tahseen
8 years ago

Thanks a lot Rahul for your kind help…
Regards
ST :))
