Earlier today, FireEye, DeepEndResearch and AlienVault posted on their blogs regarding their findings on the recent JRE 1.7 0day exploit. Within seconds, @jduck1337 came out with a PoC of the exploit, which was later ported and made public in Metasploit.
While waiting for the patch from Oracle to become available, users are strongly advised to disable Java support in their browser. Java support can be disabled as follows:
- For Internet Explorer users
  - Click Tools and then Internet Options
  - Select the Security tab, and select the Custom Level button
  - Scroll down to Scripting of Java applets
  - Make sure the Enable radio button is unchecked
  - Click OK to save your preference
- For Google Chrome users
  - Click on the wrench icon, then select Options
  - Select Under the Hood and then Privacy Content Settings
  - The Content Settings panel will appear
  - In the Plug-ins section, select the Disable individual plug-ins link to check whether Java is enabled
  - Click on the Disable link (if the Enable link appears, Java is already disabled)
- For Mozilla Firefox users
  - Start the Mozilla Firefox browser
  - At the top of the browser, select the Firefox button (or the Tools menu in Windows XP), then Add-ons
  - The Add-ons Manager tab will open
  - In the Add-ons Manager tab, select Plugins
  - Click the Java (TM) Platform plugin to select it
  - Click on the Disable button (if the button says Enable, Java is already disabled)
- For Safari users
  - Launch the Safari browser
  - Click on Safari and select Preferences
  - Click on the Security tab
  - Uncheck (unselect) the Enable Java check box
  - Close the Safari Preferences window
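After following the steps above, it is worth verifying that the browser no longer advertises Java to web pages. The following is an added example (not part of the original post) that can be pasted into the browser's developer console: it checks the legacy `navigator.javaEnabled()` API plus the `navigator.plugins` and `navigator.mimeTypes` lists for anything Java-related. The `nav` parameter and the two constructed navigator stubs are assumptions made here so the logic can also run outside a browser; the plug-in name in the stub is sample data, not captured from a real browser.

```javascript
// Added example: self-check that Java is no longer exposed to web content.
// Takes a navigator-like object so it can run against a constructed stub as well
// as window.navigator. Run in a browser console: describeJavaStatus(window.navigator)

function javaPluginStatus(nav) {
  const status = { pluginNames: [], mimeTypes: [], javaEnabled: false, exposed: false };

  // navigator.javaEnabled() is the legacy API that reports whether Java applets can run;
  // modern browsers always return false, older ones reflect the plug-in setting.
  if (typeof nav.javaEnabled === 'function') {
    status.javaEnabled = Boolean(nav.javaEnabled());
  }

  // PluginArray / MimeTypeArray are array-like (length + numeric index), not real arrays,
  // so they are walked by index rather than with Array methods.
  const plugins = nav.plugins || { length: 0 };
  for (let i = 0; i < plugins.length; i++) {
    const name = String((plugins[i] && plugins[i].name) || '');
    if (/java/i.test(name)) status.pluginNames.push(name);
  }
  const mimeTypes = nav.mimeTypes || { length: 0 };
  for (let i = 0; i < mimeTypes.length; i++) {
    const type = String((mimeTypes[i] && mimeTypes[i].type) || '');
    if (/^application\/x-java-/i.test(type)) status.mimeTypes.push(type);
  }

  status.exposed =
    status.javaEnabled || status.pluginNames.length > 0 || status.mimeTypes.length > 0;
  return status;
}

function describeJavaStatus(nav) {
  const s = javaPluginStatus(nav);
  if (!s.exposed) {
    return 'Java is not exposed to web content: plug-in disabled or not installed.';
  }
  const parts = [];
  if (s.javaEnabled) parts.push('navigator.javaEnabled() is true');
  if (s.pluginNames.length) parts.push('plug-ins: ' + s.pluginNames.join(', '));
  if (s.mimeTypes.length) parts.push('MIME types: ' + s.mimeTypes.join(', '));
  return 'Java is still exposed to web content (' + parts.join('; ') + '). Re-check the steps above.';
}

// Constructed stubs standing in for two browser states (sample data, not real captures).
const sampleEnabledNavigator = {
  javaEnabled: () => true,
  plugins: { length: 2, 0: { name: 'Shockwave Flash' }, 1: { name: 'Java(TM) Platform SE 7 U6' } },
  mimeTypes: { length: 1, 0: { type: 'application/x-java-applet' } },
};
const sampleDisabledNavigator = {
  javaEnabled: () => false,
  plugins: { length: 1, 0: { name: 'Shockwave Flash' } },
  mimeTypes: { length: 0 },
};

if (typeof window !== 'undefined' && window.navigator) {
  console.log(describeJavaStatus(window.navigator));   // real browser
} else {
  console.log(describeJavaStatus(sampleEnabledNavigator));  // stand-alone demo
  console.log(describeJavaStatus(sampleDisabledNavigator));
}
```

A browser that reports Java as not exposed can still have the JRE installed on the system; the check only confirms that web content cannot reach it, which is exactly what the steps above aim for.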
Stay safe. Bye