科技回声

Links to <a href="http://blog.cr0.org/2010/04/javacalypse.html" rel="nofollow">http://blog.cr0.org/2010/04/javacalypse.html</a>, which is much more informative.

According to the advisory at <a href="http://seclists.org/fulldisclosure/2010/Apr/119" rel="nofollow">http://seclists.org/fulldisclosure/2010/Apr/119</a>:<p>"All versions since Java SE 6 update 10 for Microsoft Windows are believed to be affected by this vulnerability. Disabling the java plugin is not sufficient to prevent exploitation, as the toolkit is installed independently."<p>Harmless demonstration at <a href="http://lock.cmpxchg8b.com/bb5eafbc6c6e67e11c4afc88b4e1dd22/testcase.html" rel="nofollow">http://lock.cmpxchg8b.com/bb5eafbc6c6e67e11c4afc88b4e1dd22/t...</a>

Fixed in Java 1.6.0_20 released today. Go get it.

Hm doesn't seem to work on my Opera although I have Java installed and I quite regularly use javawebstart (for example jabref)

Links to <a href="http://blog.cr0.org/2010/04/javacalypse.html" rel="nofollow">http://blog.cr0.org/2010/04/javacalypse.html</a>, which is much more informative.

Fixed in Java 1.6.0_20 released today. Go get it.

Hm doesn't seem to work on my Opera although I have Java installed and I quite regularly use javawebstart (for example jabref)

Java zero-day flaw under active attack

4 条评论

Java zero-day flaw under active attack

4 条评论