Zero-Day Paranoia And The Reality Of Modern Web Browsing

Jason Perlow | ZDNet | January 12, 2013

Remote code execution is an end-user nightmare that can be stopped tomorrow, if we enact the appropriate technologies to prevent it.

It's not often that my dad emails me with a frantic message about his computer. Apparently, he had read an article written by one of my colleagues, Zack Whittaker, regarding the Department of Homeland Defense Advisory about the recently publicised Java Zero-Day exploit. 

He wanted to tell me that he had disabled Java on all of his PCs and asked me what I thought about it...From my understanding of the exploit in question, it uses a weakness inherent in the Java VM that allows remote code execution of malicious software. What does that mean, exactly?

Well, it means that if you have Java installed on your machine, and you have the plugin for Java web start apps enabled in your browser, that means that a piece of bytecode (software loaded from a website that uses Java) that is executed from within the Java VM installed on your PC can call outside of its supposedly sandboxed environment to your operating system and execute a "payload"...