Java_Rhino: How to protect yourself
There’s a nasty Java exploit making the rounds and it affects anyone with Java installed and enabled. However, protecting yourself is easy and will only take a couple minutes — update Java and then, unless you use it all of the time, keep it disabled until you truly need it.
Metasploit’s Jonathan Cran describes the java-rhino exploit thusly, “This vulnerability is particularly pernicious, as it is cross-platform, unpatched on some systems, and is an easy-to-exploit client-side that does little to make the user aware they’re being exploited.”
My depth of understanding here is pretty minimal, but my impression is that this java_rhino is “script kiddy” easy to pull off. Happily, protecting yourself is just as easy.
To that end, get Apple’s Java updates for Lion or Snow Leopard and install the appropriate patch. Yes, just installing the latest version will block the java_rhino exploit.
Take the next step…
That said, I keep Java turned off in Safari and Firefox by default simply because it’s so infrequently needed and associated with so many stupid-simple exploits. Although installing the latest version of Java from Apple obviates this particular attack vector, Java in general is so insecure that it always seems there’s another unpatched exploit circulating in the wild — I keep Java updated and turned off until it’s specifically needed.
To turn off Java in Safari, go to:
Preferences > Security > uncheck Enable Java (image above)
What’s your take?