

Trend Micro Discovers New Java Zero-Day Exploit - _jomo
http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-trend-micro-discovers-new-java-zero-day-exploit/

======
mark_l_watson
Do I understand this correctly, that this is a browser exploit and not a
server side exploit? I thought that most people did not use Java browser
applets anymore.

~~~
samch
That's the way I read it, although more detail from Trend Micro would've been
nice. This vulnerability seems to relate to the browser plugin:

"The Browser Exploit Prevention feature in the Endpoint Security in Trend
Micro™ Smart Protection Suite detects the exploit once the user accesses the
URL that hosted it. Our Browser Exploit Prevention detects user systems
against exploits targeting browsers or related plugins."

------
brink2death
Someone should update this page:

[http://java-0day.com/](http://java-0day.com/)

------
im3w1l
So there are now both Flash AND Java zero-days out. Time to be careful...

~~~
arto
Another month, another exploit. Flash and Java are no more insecure than usual
for them. The best advice is to disable these plugins as a matter of course,
whenever possible.

~~~
cordite
Disable, uninstall, or click-to-enable.

I'm in favor of everything moving to click-to-enable (which flashblock does
for me, and is nice). Of course, companies like Adobe and Oracle probably
don't want that as it means less people buy their products or support as they
move to natively supported features.

------
stephengillie
[https://news.ycombinator.com/item?id=9877941](https://news.ycombinator.com/item?id=9877941)

------
feld
Java Web Start, not jdk or jre

