Adam Gowdiak: Oracle knew about Java vulnerabilities for months
Oracle knew since April about the existence of the two unpatched Java 7 vulnerabilities that are currently being exploited in malware attacks, according to Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.
Security Explorations reported 19 Java 7 security issues to Oracle on Apr. 2. Those issues included the two zero-day -- unpatched -- vulnerabilities that attackers are exploiting to infect computers with malware, Gowdiak said Wednesday via email.
The company continued to report Java 7 vulnerabilities to Oracle in the following months until the total number reached 29. "We demonstrated 16 full Java SE 7 sandbox compromises with the use of our bugs," Gowdiak said. According to security researchers from security firm Immunity, the Java exploit published online earlier this week and integrated into the Blackhole attack toolkit makes use of two Java vulnerabilities not one, as it was previously believed.
- Fri, 2013-04-19 05:32
- Tue, 2013-03-05 06:54
- Fri, 2013-03-01 10:43