blufive ([personal profile] blufive) wrote 2004-08-30 11:47 am

Fun with malware

I've had a fun time in the last 24 hours with a piece of malware that managed to install itself via Firefox and a Java applet. Breezed straight in, installed a nasty IE toolbar and hijacked IE.

Having poked and prodded extensively, the security hole was in Java, and was fixed between Java 1.4.1_01 (which I was using yesterday) and Java 1.4.2_05 (which I'm using now).

Moral: If you have Java enabled in Mozilla/Firefox on Windows, update to the latest Java Runtime right now unless you like the idea of websites being able to execute arbitrary code on your machine.

[identity profile] stsquad.livejournal.com 2004-08-30 03:58 am (UTC)
Was it a hole just on Windows Java? Whose Java Runtime (Sun, IBM, Microsoft, other)?

[identity profile] blufive.livejournal.com 2004-08-30 04:33 am (UTC)
The Sun JRE.

Having pinned it down and dissected it thoroughly, the security hole may well exist in non-Windows versions of Java, but this particular exploit was Windows-specific, and would likely just fail miserably on non-Win32 systems.