The primary risk of Java vulnerabilities is drive-by attacks in the browser. The browser will usually execute any Java applet it is told to execute by the webpage.
If you have it disabled in the browser, some vulnerabilities are still potentially exploitable, but the attack vector changes. Rather than entice you to click on a link that has the malicious Java file, or to set up a watering hole attack on a site you're likely to visit, the attacker has to find some way of getting you to download and execute his malicious file, which would involve significantly more social engineering, or he has to have local access to the system in order to run the file himself. At which point, you've most likely already lost.

It is very unlikely that a tool like JDownloader would be exposed to these types of vulnerabilities. You still should be concerned about any flaws inherent in the specific code written for JDownloader and keep an eye on the NVD for known weaknesses as with any other client application. But the beef the Infosec industry has with Java is almost exclusively with Java applets running amok in the browser.

On Tue, Mar 26, 2013 at 3:28 PM, Alex Kornilov <[email protected]> wrote:

> I run OS X with JDownloader, Eclipse and a banking application written
> in Java.
> I didn't enable Java in Browser
> http://image.bayimg.com/48e06edc9c669851eb9928f6a43ffed13b8e7510.jpg
>
> Java has a lot of negative press about security. Am I at risk? Are all Java
> vulnerabilities exploitable via web browser? Not local installed Java based
> application?
> How to harden/lock down my Java SDK?
>
> Alex
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
