|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Java 0day infects songlyrics.com
On April 9, Travis Ormandy wrote about a 0day hole in Java. It’s amazingly easy to exploit. Sun didn’t take him seriously:
Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle.
For various reasons, I explained that I did did not agree, and intended to publish advice to temporarily disable the affected control until a solution is available.
Now comes word that a very popular Web site, songlyrics.com, has been serving up ads that are infected with that specific 0day. The ads feature rogue antispyware applications from Russia.
Thank you, Sun.
UPDATE: Brian Krebs reports that there’s a new version of Java out. I suggest you wait and have it installed automatically: Ryan Naraine discovered that if he installed it manually, Sun oh-so-helpfully offered to install the Bing Toolbar – another piece of crapware from Microsoft – and the installer goes so far as to offer the Bing Toolbar by default.
Open question: is Sun turning into the next Apple?
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Old Geek Forced to Update. Buy a Win 11 PC? Yikes! How do I cope?
by 1 hour, 10 minutes ago
-
National scam day
by 2 hours, 31 minutes ago
-
macOS Tahoe 26 the end of the road for Intel Macs, OCLP, Hackintosh
by 16 hours, 28 minutes ago
-
Cyberattack on some Washington Post journalists’ email accounts
by 17 hours, 48 minutes ago
-
Tools to support internet discussions
by 1 day ago
-
How get Group Policy to allow specific Driver to download?
by 8 hours, 54 minutes ago
-
AI is good sometimes
by 1 day, 1 hour ago
-
Mozilla quietly tests Perplexity AI as a New Firefox Search Option
by 15 hours, 3 minutes ago
-
Perplexity Pro free for 12 mos for Samsung Galaxy phones
by 2 days, 1 hour ago
-
June KB5060842 update broke DHCP server service
by 1 day, 23 hours ago
-
AMD Ryzen™ Chipset Driver Release Notes 7.06.02.123
by 2 days, 3 hours ago
-
Excessive security alerts
by 18 hours, 39 minutes ago
-
* CrystalDiskMark may shorten SSD/USB Memory life
by 2 days, 13 hours ago
-
Ben’s excellent adventure with Linux
by 6 hours, 28 minutes ago
-
Seconds are back in Windows 10!
by 2 days ago
-
WebBrowserPassView — Take inventory of your stored passwords
by 18 hours, 6 minutes ago
-
OS news from WWDC 2025
by 4 hours, 12 minutes ago
-
Need help with graphics…
by 1 day, 8 hours ago
-
AMD : Out of Bounds (OOB) read vulnerability in TPM 2.0 CVE-2025-2884
by 3 days, 4 hours ago
-
Totally remove or disable BitLocker
by 2 days, 3 hours ago
-
Windows 10 gets 6 years of ESU?
by 2 days, 7 hours ago
-
Apple, Google stores still offer China-based VPNs, report says
by 3 days, 15 hours ago
-
Search Forums only bring up my posts?
by 1 day ago
-
Windows Spotlight broken on Enterprise and Pro for Workstations?
by 4 days, 3 hours ago
-
Denmark wants to dump Microsoft for Linux + LibreOffice
by 7 hours, 26 minutes ago
-
How to get Microsoft Defender to honor Group Policy Setting
by 26 minutes ago
-
Apple : Paragon’s iOS Mercenary Spyware Finds Journalists Target
by 4 days, 14 hours ago
-
Music : The Rose Room – It’s Been A Long, Long Time album
by 4 days, 15 hours ago
-
Disengage Bitlocker
by 4 days, 5 hours ago
-
Mac Mini M2 Service Program for No Power Issue
by 4 days, 17 hours ago
Remembering Woody
