Another Java Exploit Found In 'Watering Hole' Attack


At this point, the words “Java” and “exploit” have become so tightly knit and so often used that they’ve faded into white noise as quickly as they’ve joined. Today, there’s yet another development in the long and monotonous story about Java that just refuses to stop unfolding.

According to Ars Technica, the same exploits which were fixed in recent updates to Internet Explorer and Java are being used as hackers target websites with a human rights bent. These attackers are said to be taking advantage of those slow to either disable Java — the best solution — or to update to the latest patched version of Java, the best option if you really, 100% have to use Java.

As a brief recent history, a security flaw in Java 11 was being sold along with a hackers “toolkit” that allowed anyone with a certain amount of money to target any user with the un-patched version of Java. Things got so out of hand, the U.S. Department of Homeland Security saw it fit to issue a warning to all citizens who had yet to disable or update their versions of Java. As it turns out, a warning from the federal government really greases the pipeline and a new patch for Java was promptly released.