Critical Java bug exploit - anyone doing anything to disable Java via policy?

althea
Contributor

Looking at this -- http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/ -- and wondering if anyone out there is crafting policies to disable Java in the various browsers of choice. We're thinking about it. Thought I'd see if anyone else is doing anything before we start getting serious about it.

1 ACCEPTED SOLUTION

justinrummel
Contributor III

Take a look at these settings for disabling Java in Safari.

http://www.bynkii.com/archives/2012/08/yet_another_reason_i_use_safar.html


8 REPLIES 8

nessts
Valued Contributor II

Gee @justinrummel, that's quite the 12-year-old you have found, or just a really angry adult with no control over his cursing.

Disabling Java is impossible if you have an SSL VPN solution that uses Java for everything it does.

I never, not once, found a machine infected with the previous Java scare. If you browse to reputable sites you will likely be safe, I would think. Those that don't and blow their stuff up, how bad can you feel for them?

althea
Contributor

@nessts said: "Those that don't and blow their stuff up, how bad can you feel for them?"
I don't think it's a matter of feeling bad for them. I think most of us are concerned about having to clean up after those folks (and preferring not to have to if we can avoid it). Occasionally part of an admin's job is protecting users from themselves.

@justinrummel Thanks for the link.

nessts
Valued Contributor II

Wipe install, that's probably faster than trying to make every browser in the world safe from exploits. Is it the right answer? Not sure, but if a corporate user is using his computer in a way that he should not have been and corrupts it, I will just reinstall instead of debugging it. They pay for speedy resolution and wipe install is pretty quick. User data is usually saved on another partition too to aid in this.

frozenarse
Contributor II

Unfortunately 'Legitimate' websites are responsible for the majority of malware. It was only a few years ago that the SuperBowl website was used to infest visitors. I have never been accused of 'coddling' end users but I don't think we can put the blame/responsibility solely on their shoulders here....

I have started to collect inventory on Java version based on the methods discussed here: https://jamfnation.jamfsoftware.com/discussion.html?id=3985

I don't want to head down the 1.7 line (downloadable from Oracle) if I can help it. Hopefully Apple releases 1.6.0_35 soon.

nkalister
Valued Contributor

Anyone tried the 1.7 package Oracle released today that fixes the issue?

jwojda
Valued Contributor II

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

URL for infected versions 1.6 34 and lower and 1.7 6 and lower
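
Added example, not part of any post in this thread: a shell sketch for the Java version inventory frozenarse mentions, flagging machines against the ranges jwojda quotes above. It assumes those ranges correspond to version strings 1.6.0_34 and lower and 1.7.0_06 and lower, and that a string with no update suffix counts as update 0. The function names and sample hosts are made up for illustration.

```shell
#!/bin/sh
# Added example: classify Java versions against the ranges quoted in the
# thread (1.6 update 34 and lower, 1.7 update 6 and lower). Assumption:
# those map to version strings 1.6.0_34 and 1.7.0_06.

# extract_java_version: read `java -version` output on stdin, print the version.
extract_java_version() {
    sed -n 's/^java version "\([^"]*\)".*$/\1/p' | head -n 1
}

# java_update_status VERSION: print affected, not-affected or unknown.
java_update_status() {
    ver=$1
    case $ver in
        1.[67].[0-9]*) ;;
        *) echo unknown; return 0 ;;        # outside the quoted ranges
    esac
    family=${ver#1.}; family=${family%%.*}  # 6 or 7
    case $ver in
        *_*) update=${ver#*_}; update=${update%%[!0-9]*}   # 06-b24 -> 06
             [ -n "$update" ] || { echo unknown; return 0; } ;;
        *)   update=0 ;;                    # assumption: no suffix means update 0
    esac
    update=$(printf '%s\n' "$update" | sed 's/^0*//')      # 06 -> 6
    [ -n "$update" ] || update=0
    case $family in 6) limit=34 ;; 7) limit=6 ;; esac
    if [ "$update" -le "$limit" ]; then echo affected; else echo not-affected; fi
}

# Constructed sample inventory (host, reported version); not real data.
sample_inventory() {
cat <<'EOF'
mac-001 1.6.0_33
mac-002 1.6.0_35
mac-003 1.7.0_06
mac-004 1.7.0_07
EOF
}

# report: read "host version" lines on stdin, print host, version, status.
report() {
    while read -r host ver; do
        printf '%s %s %s\n' "$host" "$ver" "$(java_update_status "$ver")"
    done
}

sample_inventory | report
```
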

frozenarse
Contributor II

Update is out! http://support.apple.com/kb/DL1572