Thread: Java
View Single Post
Old 01-12-2013, 02:14 PM   #11
MAXUM
Senior Member
 
MAXUM's Avatar
 
Join Date: Apr 2004
Location: Kuna ID
Posts: 2,755
Thanks: 246
Thanked 1,942 Times in 802 Posts
Default
Quote:
Originally Posted by PaugusBayFireFighter View Post
Same here...iPads and Chromebooks for us...no worries, no virus.
Seriously?

I remain neutral far as operating systems go, but anything is hackable and anything can be exploited, yes even your apple products! Think I'm kidding? Here's proof!

That exploit for Java is exercising the JRE or Java Runtime Environment. One of the reasons for Java's popularity is the fact it can with a single code base run on multiple platforms. Many software companies are writing their code in Java so it is platform agnostic and a huge cost savings. Now that said... this exploit affects everything that has Oracle's JRE installed for now, but my guess is that may end up expanding over the coming days, however other iterations of JRE's have been produced by others (as it is an open platform but all based on a common code set) so no doubt affected as well. However I digress, sample code for the exploit has been published, I cut the important pieces out to show that it doesn't matter what you got if Java is installed, you're at risk.

'References' =>
[
[ 'CVE', '2013-0422' ],
[ 'URL', 'http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html' ],
[ 'URL', 'http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/' ]
],
'Platform' => [ 'java', 'win', 'osx', 'linux' ],
'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
'Targets' =>
[
[ 'Generic (Java Payload)',
{
'Platform' => ['java'],
'Arch' => ARCH_JAVA,
}
],
[ 'Windows x86 (Native Payload)',
{
'Platform' => 'win',
'Arch' => ARCH_X86,
}
],
[ 'Mac OS X x86 (Native Payload)',
{
'Platform' => 'osx',
'Arch' => ARCH_X86,
}
],
[ 'Linux x86 (Native Payload)',
{
'Platform' => 'linux',
'Arch' => ARCH_X86,
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Jan 10 2013'
))

So don't think because you run anything but Windows you're safe cause you're not. At least one good thing about Windows is a virus can't come along and re-compile your Kernel and really blow your system to smithereens.

The only reason why MACs and LINUX os's haven't seen the number of exploits as Windows is simply that Windows is a much larger target due to market share. Not that either on is fundamentally more secure.

Again not turning this into a which is better than the other discussion, just saying don't have a false sense of security
MAXUM is offline   Reply With Quote