
Urgent Fix for Zero-Day Mac Java Flaw - wglb
http://krebsonsecurity.com/2012/04/urgent-fix-for-zero-day-mac-java-flaw/
======
tptacek
You should keep Java turned off in all your browsers. All the time. You should
never leave it enabled.

~~~
yuhong
Chrome will prompt if any page tries to use Java. If you trust the site, you
can allow it to run.

~~~
weaksauce
Personally, after seeing just how many exploits come in through Java, I don't
think it's wise to even have this hook enabled; it's another attack vector
that exists and it's better in my opinion to just not enable it at all.

~~~
tptacek
And, it's not just the number of exploits. It's the nature of the exploits.
They're usually very reliable, and often don't even rely on accidental
corruption so much as "features that accidentally expose all of runtime memory
to the Java sandbox".

Java was iffy in 1998 when it was just the applet sandbox and a graphics
context. But today, OS vendors have bridged Java into all sorts of systems
code. It's a debacle. Just don't enable it.

