

Java zero-day flaw under active attack - dabent
http://blogs.zdnet.com/security/?p=6161

======
wingo
Links to <http://blog.cr0.org/2010/04/javacalypse.html>, which is much more
informative.

------
wouterinho
According to the advisory at
<http://seclists.org/fulldisclosure/2010/Apr/119>:

"All versions since Java SE 6 update 10 for Microsoft Windows are believed to
be affected by this vulnerability. Disabling the java plugin is not sufficient
to prevent exploitation, as the toolkit is installed independently."

Harmless demonstration at
[http://lock.cmpxchg8b.com/bb5eafbc6c6e67e11c4afc88b4e1dd22/t...](http://lock.cmpxchg8b.com/bb5eafbc6c6e67e11c4afc88b4e1dd22/testcase.html)

~~~
bshep
"Harmless demonstration at
<http://lock.cmpxchg8b.com/bb5eafbc6c6e67e11c4afc88b4e1dd22/t...>

Firefox 3.6.3 on OSX says its missing a plug-in although java is installed.

~~~
Jach
<http://xkcd.com/272/>

Same experience on Gentoo here. :)

------
Torn
Fixed in Java 1.6.0_20 released today. Go get it.

~~~
mikeytown2
<http://www.java.com/en/download/manual.jsp>

------
yread
Hm doesn't seem to work on my Opera although I have Java installed and I quite
regularly use javawebstart (for example jabref)

