There is a lot of scrambling with the browser authors about what to do with a new 0-day Java exploit that is circulating and is already part of at least two penetration toolkits. The flaw only exists in Java 1.7, which was never distributed with any PowerPC version of Mac OS X (though you can install an OpenJDK version of it), but because of other flaws you should make sure that the Java plugin is off and of course we "ship safe" because plugins are already disabled by default anyway. If Mozilla chemspills for this issue, we will probably not follow suit unless there are other changes related to it we want to capture.
This comment has been removed by the author.
ReplyDelete