
Critical Java bug exploit - anyone doing anything to disable Java via policy?



Looking at this -- http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/ -- and wondering if anyone out there is crafting policies to disable Java in the various browsers of choice. We're thinking about it. Thought I'd see if anyone else is doing anything before we start getting serious about it.

Best answer by justinrummel

Take a look at these settings for disabling Java in Safari.

http://www.bynkii.com/archives/2012/08/yet_another_reason_i_use_safar.html


8 replies

  • Contributor
  • 159 replies
  • Answer
  • August 28, 2012

Take a look at these settings for disabling Java in Safari.

http://www.bynkii.com/archives/2012/08/yet_another_reason_i_use_safar.html


  • Valued Contributor
  • 1007 replies
  • August 28, 2012

Gee @justinrummel, that's quite the 12-year-old you have found, or just a really angry adult with no control over his cursing.

Disabling Java is impossible if you have an SSL VPN solution that uses Java for everything it does.

I never, not once, found a machine infected with the previous Java scare. If you browse to reputable sites you will likely be safe, I would think. Those that don't and blow their stuff up, how bad can you feel for them?


  • Author
  • Contributor
  • 38 replies
  • August 28, 2012

@nessts said: "Those that don't and blow their stuff up, how bad can you feel for them?"
I don't think it's a matter of feeling bad for them. I think most of us are concerned about having to clean up after those folks (and preferring not to have to if we can avoid it). Occasionally part of an admin's job is protecting users from themselves.

@justinrummel Thanks for the link.


  • Valued Contributor
  • 1007 replies
  • August 28, 2012

Wipe install, that's probably faster than trying to make every browser in the world safe from exploits. Is it the right answer? Not sure, but if a corporate user is using his computer in a way that he should not have been and corrupts it, I will just reinstall instead of debugging it. They pay for speedy resolution and wipe install is pretty quick. User data is usually saved on another partition too to aid in this.


  • Contributor
  • 161 replies
  • August 30, 2012

Unfortunately 'Legitimate' websites are responsible for the majority of malware. It was only a few years ago that the SuperBowl website was used to infest visitors. I have never been accused of 'coddling' end users but I don't think we can put the blame/responsibility solely on their shoulders here....

I have started to collect inventory on Java version based on the methods discussed here: https://jamfnation.jamfsoftware.com/discussion.html?id=3985

I don't want to head down the 1.7 line (downloadable from Oracle) if I can help it. Hopefully Apple releases 1.6.0_35 soon.


  • Contributor
  • 437 replies
  • August 30, 2012

Anyone tried the 1.7 package Oracle released today that fixes the issue?


ImAMacGuy
  • Esteemed Contributor
  • 1310 replies
  • September 4, 2012

http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

URL for infected versions 1.6 34 and lower and 1.7 6 and lower
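
An added example, not part of any post in this thread: a POSIX shell check that classifies a Java version string against the affected ranges quoted in the post above (1.6 update 34 and lower, 1.7 update 6 and lower), for use with the version inventory mentioned earlier in the thread. The function names and the sample `java -version` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a Java version against the ranges quoted in this
# thread for CVE-2012-4681 (1.6 update 34 and lower, 1.7 update 6 and lower).
# Function names are hypothetical; the sample output below is constructed.

# Pull the quoted version string out of `java -version` style text on stdin.
extract_java_version() {
    sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print one of: affected | not-affected | not-listed | unparsed
classify_java_version() {
    jv_ver=$1
    case $jv_ver in
        1.6.0*) jv_max=34; jv_rest=${jv_ver#1.6.0} ;;
        1.7.0*) jv_max=6;  jv_rest=${jv_ver#1.7.0} ;;
        *) echo "not-listed"; return 0 ;;   # family not named in the thread
    esac
    case $jv_rest in
        "") jv_upd=0 ;;                     # e.g. 1.7.0 carries no update suffix
        -*) jv_upd=0 ;;                     # e.g. 1.7.0-b147: build tag only
        _*) jv_upd=${jv_rest#_}; jv_upd=${jv_upd%%-*} ;;  # drop any -bNN tag
        *)  echo "unparsed"; return 0 ;;
    esac
    case $jv_upd in
        ""|*[!0-9]*) echo "unparsed"; return 0 ;;
    esac
    # Strip leading zeros so the comparison is plain decimal in every shell.
    while [ "${#jv_upd}" -gt 1 ] && [ "${jv_upd#0}" != "$jv_upd" ]; do
        jv_upd=${jv_upd#0}
    done
    if [ "$jv_upd" -le "$jv_max" ]; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Constructed sample of `java -version` output (not captured from a real host).
sample='java version "1.6.0_33"
Java(TM) SE Runtime Environment (build 1.6.0_33-b03)'
v=$(printf '%s\n' "$sample" | extract_java_version)
echo "$v: $(classify_java_version "$v")"
```

On a managed Mac, the same function can be fed from `java -version 2>&1 | extract_java_version`, since `java -version` writes to stderr.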


  • Contributor
  • 161 replies
  • September 5, 2012

Update is out! http://support.apple.com/kb/DL1572

