From: bliss-sf4ever@dslextreme.com   
      
   Hi   
   	I have not seen anything about this matter here   
   as far as I can recall.  A Norwegian SysAdm on a mailing   
   list I frequent passed it on.   
      
   An analysis of exploit code found shortly after the first Java flaw was   
   discovered Sunday revealed the second vulnerability. The code has been   
   tied to attackers in China.   
      
   "The beauty of this bug class is that it provides 100% reliability and   
   is multiplatform," Esteban Guillardoy, a developer at Immunity, said   
   Tuesday in announcing the discovery of the second bug. "Hence this will   
   shortly become the penetration test Swiss knife for the next couple of   
   years."   
      
   Users of Java, which is installed in billions of devices worldwide, are   
   notorious for not staying up to date with patches. Rapid7 estimates that   
   65% of the installations today are unpatched. However, this time around,   
   people with the latest version of Java were the ones most open to attack.   
      
   The bugs are in Java 7 and affect Windows, Mac OS X and Linux operating   
   systems running a Web browser with a Java plugin enabled. The flaws were   
   introduced with the release the platform in July 28, 2011, Guillardoy   
   said in his analysis.   
      
   Java steward Oracle has not released a fix for either vulnerability.   
      
   Researchers are advising computer owners to disable Java in all   
   browsers. "That would be the only solution, right now," said Tod   
   Beardsley, a bug testing engineering manager for Rapid7.   
      
    >http://www.csoonline.com/article/714998/second-java-zero-day-f   
   und-time-to-disable-it-say-experts>   
      
   	bliss   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)