back to article Oracle plugs flaw used in attacks on NATO and the White House

Oracle has crushed a critical click-to-play vulnerability attackers used in the NATO-busting hacking operation known as Pawn Storm, Trend Micro threat analyst Jack Tang says. The patch is part of a run of 154 fixes from Big Red including 25 for the ravaged Java runtime. The fix will either irk or amuse the sophisticated …

  1. DryBones
    Holmes

    Ingenious Bypass for Ingenous Bypass

    Don't have Java installed.

  2. Pascal Monett Silver badge

    "If Java was still in widespread use today"

    Uh, am I supposed to understand that it isn't ? Funny that, when you run the installer it says that it is being used on billions of PCs - and now it's even on phones.

    Java use may be decreasing, but I do believe it's usage can still be qualified as "widespread".

    1. Anonymous Coward
      Anonymous Coward

      Re: "If Java was still in widespread use today"

      Considering that every Android phone depends on what is essentially a clone of its VM, yeah I'd say it is pretty widespread.

  3. Roo
    Windows

    "Oracle has crushed a critical click-to-play vulnerability attackers used in the NATO-busting hacking operation known as Pawn Storm, Trend Micro threat analyst Jack Tang says."

    And yet in another article covering the Java patches we read:

    "The good news is that Oracle says none of the vulnerabilities in its mammoth bug-splat had been exploited as of 19 October."

    This phenomenon isn't limited to Oracle either, Microsoft has also reassured us that vulns haven't been exploited in the wild when in fact they very definitely have been. Either these folks are totally ignorant about what's going on outside their ivory tower or they are treating their customers & users with contempt, neither is good or excusable.

  4. Binnacle
    Meh

    yawn

    The researcher, in typical fashion, fails to mention

    that if one browses primarily with FireFox and

    has "click_to_play" enabled in the browser, that

    j2launcher.exe is never invoked and the exploit

    will fail.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like