|reply to chachazz |
Re: Warning: 0-Day vulnerability in Java 7
Just tested this with Metasploit against Ubuntu 12.04 in a VM. It worked. However, when I enabled the default AppArmor profile for Firefox, it stopped the exploit cold. This profile is included in Ubuntu but is *not* activated by default. Of course even if the exploit succeeded it wouldn't have root, thus would probably be detected eventually by a discerning user.
What it does is try to run an executable from /tmp, but the AppArmor profile denies it access so it stops there.
Also, it doesn't appear to work against OpenJDK (the open source version of Java). Ubuntu does not package regular Oracle Java by default, so most people are probably using OpenJDK anyway.
Same thing on Chromium browser. The exploit works until I activated the AppArmor profile (and made some tweaks to it of my own). I suppose Java doesn't run in Chromium's built-in chroot sandbox.
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999