Jump to content

Java 0day in the wild

MPM

By MPM
in General Discussion

 Share

Recommended Posts

D. V. Devnull

D. V. Devnull

Posted
Posted
I joke, but... "End Of RuneScape", perhaps? Wouldn't be surprised if someone finally managed to end Jagex's game somewhat. :twss:

It was fixed withing 10-20 minutes or so, and pretty much just affected the login server.

Awwwwwwwwwwwww... Would have been fun to see RuneScape dead... :sad:

 

~D. V. "I'm bummed out..." Devnull

tifuserbar-dsavi_x4.jpg and normally with a cool mind.

(Warning: This user can be VERY confusing to some people... And talks in 3rd person for the timebeing due to how insane they are... Sometimes even to themself.)

Link to comment
Share on other sites
Sylpheed

Sylpheed

Posted
Posted
I joke, but... "End Of RuneScape", perhaps? Wouldn't be surprised if someone finally managed to end Jagex's game somewhat. :twss:

It was fixed withing 10-20 minutes or so, and pretty much just affected the login server.

Awwwwwwwwwwwww... Would have been fun to see RuneScape dead... :sad:

 

~D. V. "I'm bummed out..." Devnull

 

Sorry, why are you still here again?

  • Like 11
Sylpheed.png
Link to comment
Share on other sites
Sbrideau

Sbrideau

Posted
Posted

So... Does this affect Java 6-series? :huh:

 

If not, I would say everyone should downgrade to the Latest Java 6 Update. It just seems to me that all the latest exploits only affect the Java 7-series platform. So it might be equally logical that if people stop using it and use the Latest Java 6-series until the bugs are fixed right, then we'll get a better Java 7-series for all. Geez, talk about newer not always being better. :-k

 

 

 

On less serious notes...

<<<Image: http://i.imgur.com/zDOM7.png>>>

 

Don't worry, Jagex already fixed it!

I joke, but... "End Of RuneScape", perhaps? Wouldn't be surprised if someone finally managed to end Jagex's game somewhat. :twss:

 

 

~D. V. "I don't think RS is even fully Java 7-series Compatible yet." Devnull

 

They only talk about the latest platform because it's the current one. Usually with Java if there's an exploit with the current version you can be sure there are exploits with the old versions. There's a reason it's updated so often, they find exploits in it every week. If you go on trusted websites such as Runescape, there are not risks to security.

Link to comment
Share on other sites
Piu

Piu

Posted
Posted

This sounds like a Java drive-by. And those have existed ever since who-knows-when.

zuzmo.png

collio.png

[hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide][hide]

Never gonna give you up.[/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide][/hide]

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

Link to comment
Share on other sites
Randox

Randox

Posted
Posted

I'd love a bit more detail on what the exact extent of the weakness is, but yeah, nice catch misplacedme, thanks (I'm going to guess that when they start recommending to outright uninstall Java, it's probably a flaw large enough to sail a ship through).

 

Also, a java drive by uses Java Script, though I believe you need a scripting language (normally Java Script) to run Java in a browser (please correct me if I'm wrong), so blocking scripting languages might still protect you. I would also imagine that Java is in a better position to get something onto your computer and getting it to run without raising an alarm.

 

I'd also be interested in the potential against phones in particular.

Link to comment
Share on other sites
Makoto_the_Phoenix

Makoto_the_Phoenix

Posted
Posted

I'd love a bit more detail on what the exact extent of the weakness is, but yeah, nice catch misplacedme, thanks (I'm going to guess that when they start recommending to outright uninstall Java, it's probably a flaw large enough to sail a ship through).

 

Also, a java drive by uses Java Script, though I believe you need a scripting language (normally Java Script) to run Java in a browser (please correct me if I'm wrong), so blocking scripting languages might still protect you. I would also imagine that Java is in a better position to get something onto your computer and getting it to run without raising an alarm.

 

I'd also be interested in the potential against phones in particular.

 

For the time being, it looks like it only affects the browser plugin (see http://www.kb.cert.org/vuls/id/625617).

 

Also, there's no involvement of Javascript here - unless that's the delivery path of choice for these attackers. Disabling Javascript may help, but it won't make you 100% safe from this. The only real way to be secure is to remove Java, full stop.

Linux User/Enthusiast Full-Stack Software Engineer | Stack Overflow Member | GIMP User
s1L0U.jpg
...Alright, the Elf City update lured me back to RS over a year ago.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept