[Update to a link at java.com offering more information on disabling Java in web browsers.]
This is a quick pointer to blogs posted by our colleagues in Spain and in Latin America over the past two days. Normally I’d generate a proper translation, but as I’m in the middle of something else right now, I’m going to have to refer you to some machine translations that are considerably lacking in elegance, but will give you an idea of the story behind the article posted by Robert Lipovsky.
Josep Albors of Ontinet posted a story on The First Java 0-day of 2013 yesterday and a later one on how Several Threats Propagate Through the New 0-Day Java Vulnerability.
. And our colleagues in Latin America posted on Alert: exploit 0-day Java massively used by exploit kits.
Stephen Cobb has also pointed out that we have a previous post on disabling Java which is very much to the point: Java zero day = time to disable Java, in your browser at least. And Robert points out that ‘the latest version of Java has introduced a unified way of disabling it in browsers‘.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, We Live Security