Possible Java Exploits Can Expose PCs to Attack

Quick: visit http://www.isjavaexploitable.com/ on any PC close at hand. There are a number of Java exploits rampant in the wild at the moment, so you’ll want to see a resulting screen that looks like this if you do have Java installed:

No Java vulnerabilities found

On the other hand, if you don’t have Java installed, you’ll see something like this:

If Java is absent it can’t be exploited.

But if your installed version of Java is vulnerable to the latest zero-day exploits, you’ll see the following warning instead:

Your Java version is vulnerable: Look Out!

What to do if one or more machines shows up as vulnerable? Turn off Java is the safest and simplest response. Instructions for all major browsers are posted on the KrebsOnSecurity site associated with metasploit. This is a bona-fide zero day exploit folks, and may require immediate action!

Note: After a heckuva hullaballo, Oracle posted Version 7 Update 7 for Java today (8/30/2012) and it fixes all of the vulnerabilities that isjavaexploitable can detect. Visit  www.java.com/getjava/ to update yours immediately! Now, the only open questions are: 1. Have all 19 vulnerabilities that  Polish company Security Explorations reported to Oracle on April 2, 2012, been fixed? and 2. Have the remaining 10 vulnerabilities that they further found and reported after that date been fixed as well? I certainly hope so, but you’ll want to keep an eye on this situation, and read Lucian Constantin’s excellent Computerworld story from August 29 entitled “Oracle knew about zero-day Java vulnerabilities for months, researcher says” for more information, and an explanation as to why I remain to be fully convinced that all the exposures have been handled.