blocked
Jun 2, 2012 11:43 PM Photoshop CS6 does not use or require Java in any way. Nor do the CS6 installers. But Apple "helpfully" marked the Adobe CS6 installers as using Java, even though they don't. So MacOS warns you about Java, tries to download and install Java, for nothing. Apple has promised to update their code, one of these days.
So in short, almost a year later there is no solution or workaround; every time I want to use Photoshop I have to install Java, and when I'm done remove it again, because I'd rather not have it on the computer.
(Edited by Shmoo at 14:36, 18-03-2013)
Oracle plans to release an update for the widely exploited Java browser plugin. The update fixes 39 critical vulnerabilities and introduces changes designed to make it harder to carry out drive-by attacks on end-user computers.
The update scheduled for Tuesday comes as the security of Java is reaching near-crisis levels. Throughout the past year, a series of attacks hosted on popular websites has been used to surreptitiously install malware on unwitting users' machines. The security flaws have been used to infect employees of Facebook and Apple in targeted attacks intended to penetrate those companies. The vulnerabilities have also been exploited to hijack computers of home and business users. More than once, attackers have exploited one previously undocumented bug within days or weeks of patching a previous "zero-day," as such vulnerabilities are known, creating a string of attacks on the latest version of the widely used plugin.
Meanwhile I'm on Java 6, because my 16-year-old son loves playing Feed The Beast and that doesn't work with Java 7 on the Mac. And as far as I can see there are no problems, but then no shady sites are being visited either...
If you haven't installed last week's patch from Oracle that plugs dozens of critical holes in its Java software framework, now would be a good time. As in immediately. As in, really, right now.
In the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 was folded into either the RedKit or CrimeBoss exploit kit. By Sunday, that attack code was being actively unleashed on unsuspecting end users, according to a short blog post published by a researcher from antivirus provider F-Secure.
Trojans set a new record, causing nearly 80 percent of all computer infections worldwide. Despite their inability to replicate, Trojans are capable of triggering massive infections through compromised Web sites that exploit vulnerabilities in browser plug-ins like Java, Adobe Reader, etc. This attack method allows hackers to infect thousands of computers in just a few minutes with the same Trojan or different ones, as attackers have the ability to change the Trojan they use based on multiple parameters such as the victim's location, the operating system used, etc.
Pieterr at 7:14, 6-05-2013:
that exploit vulnerabilities in browser plug-ins like Java, Adobe Reader, etc.
A good reason not to use Adobe's plugin, but 'simply' Apple's...
http://www.nu.nl/blog/3494164/korte-tijd-malware-verspreid-via-advertentie-nunl.html
http://www.nu.nl/blog/3494758/malware.html
How was the malware spread?
As mentioned, the malware was installed via an advertisement. The software did not come from NU.nl's servers, but was hosted on the servers of an advertising network. It was not necessary to click on the advertisement to become infected. Only users with Windows computers were vulnerable.
Details: http://blog.fox-it.com/2013/06/06/geinfecteerde-advertenties-op-nu-nl/
"This is not a stable exploit (tested on Mac and Chrome. I do use Mac and Chrome so this is a big deal anyway)," Homakov wrote. "Your photo can be saved on our servers but we don't do this in the PoC."
The clickjack works in a fashion similar to previous attacks against Flash by hiding the dialogue that would prevent a hijack of the camera and mic behind another page element. This demonstration attack apparently needs to be tailored to the target browser, however. Ars has tested the exploit on Mac OS with Chrome and Firefox, Windows 8 with Internet Explorer and Chrome, and on Chrome OS; the exploit only worked consistently in Chrome browsers and not at all on Windows 8.
Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2013
Description
This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for June 2013, which will be released on Tuesday, June 18, 2013. While this Pre-Release Announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the Critical Patch Update Advisory.
This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. This Critical Patch Update contains 40 new security vulnerability fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible.
Keeping Java up-to-date can help avoid inconvenience
For at least the third time this year, Apple has blocked the Java 6 and Java 7 plug-ins on Macs due to "multiple security issues" in versions older than the most current. The update causes Java 6 installations older than update 51 to stop working, and Java 7 versions older than update 25 are blocked. Java, which is not to be confused with programming language JavaScript, has been plagued with security issues for years.
If Mac users already have Java installed, they may have a Java System Preference pane that can be used to update to the latest version. Otherwise, users will need to download and install the latest Java from Oracle's web page. Users of OS X 10.6 can check Software Update to see if any new versions exist. Neither Apple nor Oracle support Java on machines running 10.5 or earlier, or on PPC-based Macs, and strongly advise owners of such machines to disable Java completely.
Pieterr at 13:13, 1-09-2013:
and Java 7 versions older than update 25 are blocked.
But that simply means nothing is wrong, doesn't it? Only that you have to update Java, or am I missing something?
Anyone who doesn't let Java update automatically isn't being very smart in my opinion anyway; for proof of that you only need to read this thread and all the news about Java that we have had here on the site over the past year...
It's about time: Java update includes tool for blocking drive-by exploits
Whitelist clamps down on web-based code
Oracle's latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java.
After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing vulnerabilities its top priority for JDK 7, even going as far as to delay the release of JDK 8 so it could devote more resources to fixing bugs.
But many businesses still keep older versions of Java installed on client PCs because certain custom applications require them. That's bad, because these out-of-date versions contain critical vulnerabilities that in some cases will never be fixed. Oracle discontinued support for JDK 6 in June.
JDK 7 Update 40, issued on Tuesday, implements a new feature called Deployment Rule Set that aims to address this problem. It allows businesses that centrally manage their Java desktop installations to establish a set of rules specifying which Java applets and Java Web Start applications, collectively termed Rich Internet Applications (RIAs), are allowed to run on client PCs.
But good to see that it is finally being tackled properly..!
The new feature will have little effect on home users. Ars continues to recommend that individuals carefully evaluate their system needs and consider uninstalling Java altogether, keeping the Java runtime installed but uninstalling all Java browser plugins, or using a dedicated browser for those sites that require Java and using a different browser for viewing all other pages.
Oracle will close 36 vulnerabilities in Java in a patch coming out on Tuesday, January 14, including 34 vulnerabilities that are remotely exploitable and can therefore be classified as serious. In total, 147 vulnerabilities in Oracle products will be fixed on Tuesday.
The 34 remotely exploitable Java vulnerabilities are the most serious: they potentially allow an attacker to, for example, install malware on the user's PC from a web browser. It is not clear for how many of the vulnerabilities that is actually possible. In one of the cases it concerns a vulnerability whose severity is rated '10' on a scale of 1 to 10.
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
Adobe has released security updates for Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.332 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.
http://www.adobe.com/nl/software/flash/about/
http://helpx.adobe.com/security.html
http://helpx.adobe.com/security/products/flash-player/apsb14-08.html
http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html
http://tweakers.net/nieuws/94922/oracle-brengt-java-8-uit.html
http://mreinhold.org/blog/
(Edited by Pieterr at 23:39, 19-03-2014)