  #3  
Posted 01-13-2013 by کارگر سایت
http://www.us-cert.gov/cas/techalerts/TA13-010A.html

Link to the US-CERT statement: http://www.us-cert.gov/cas/techalerts/TA13-010A.html

Alert (TA13-010A)

Oracle Java 7 Security Manager Bypass Vulnerability




Systems Affected

Any system using Oracle Java 7 (1.7, 1.7.0) including
  • Java Platform Standard Edition 7 (Java SE 7)
  • Java SE Development Kit (JDK 7)
  • Java SE Runtime Environment (JRE 7)
All versions of Java 7 through update 10 are affected. Web browsers using the Java 7 plug-in are at high risk.

Overview

A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system.

Description

A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).
Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.
Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.
Further technical details are available in Vulnerability Note VU#625617.

Impact

By convincing a user to load a malicious Java applet or Java Network Launching Protocol (JNLP) file, an attacker could execute arbitrary code on a vulnerable system with the privileges of the Java plug-in process.

Solution

Disable Java in web browsers
This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered. To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment.
Starting with Java 7 Update 10, it is possible to disable Java content in web browsers through the Java control panel applet. From Setting the Security Level of the Java Client:
For installations where the highest level of security is required, it is possible to entirely prevent any Java apps (signed or unsigned) from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab.
If you are unable to update to Java 7 Update 10 please see the solution section of Vulnerability Note VU#636312 for instructions on how to disable Java on a per-browser basis.

References
Revision History
  • January 10, 2013: Initial release
  • January 11, 2013: Updated language about disabling Java in web browsers
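An audit check for the mitigation quoted in the post above, as an added example that is not part of the original post or of the US-CERT alert: it classifies a host from its `java -version` output and the contents of its `deployment.properties` file. It assumes the Java Control Panel checkbox is stored under the key `deployment.webjava.enabled` (not named on this page); the function names, status strings and sample inputs are constructed for illustration.

```python
import re

# From the alert: every Java 7 release through update 10 is affected.
LAST_AFFECTED_UPDATE = 10
# From the alert: the Java Control Panel switch exists from 7u10 onward.
FIRST_UPDATE_WITH_SWITCH = 10
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')


def parse_version(java_version_output):
    """Return (major, update) from `java -version` output, e.g. (7, 10)."""
    m = VERSION_RE.search(java_version_output)
    if not m:
        raise ValueError("unrecognized java -version output")
    return int(m.group(1)), int(m.group(2) or 0)


def browser_content_enabled(properties_text):
    """Read deployment.webjava.enabled (assumed key); absent means enabled."""
    value = "true"
    for line in properties_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "deployment.webjava.enabled":
            value = val.strip().lower()
    return value != "false"


def assess(java_version_output, properties_text=""):
    """Classify one host against the affected range and the mitigation."""
    major, update = parse_version(java_version_output)
    if major != 7 or update > LAST_AFFECTED_UPDATE:
        return "outside-affected-range"
    if update < FIRST_UPDATE_WITH_SWITCH:
        # No control panel switch here: disable Java per browser instead.
        return "affected-disable-per-browser"
    if browser_content_enabled(properties_text):
        return "affected-browser-content-enabled"
    return "affected-browser-content-disabled"


# Constructed sample inputs, not captured from a real host.
SAMPLE_U10 = 'java version "1.7.0_10"\nJava(TM) SE Runtime Environment'
SAMPLE_PROPS = "#deployment.properties\ndeployment.webjava.enabled=false\n"

if __name__ == "__main__":
    print(assess(SAMPLE_U10, SAMPLE_PROPS))
    print(assess('java version "1.7.0_09"'))
```

A host reported as `affected-disable-per-browser` runs an update older than 10, where the control panel switch is not available and the per-browser instructions referenced in the alert apply.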