New Java vulnerability is being exploited in the wild
A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to “High” and attempt to avoid executing malicious applets.
This latest flaw was first discovered by security firm FireEye, which says it has already been used “to attack multiple customers.” The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle’s plugin.
This confirms the flaw is indeed a 0-day. For those who don’t know, “0-day” or “zero-day” refers to a security hole that has not been publicly disclosed yet, and so doesn’t have a patch available. Oracle released Java SE 6 Update 41 and Java SE 7 Update 15 on February 19, addressing five security fixes. This was a scheduled release, but it succeeded a previous emergency update that addressed 50 vulnerabilities. In February, Java exploits have resulted in computers being compromised at multiple companies, including Apple, Facebook, and Microsoft.
- Fri, 2013-04-19 05:32
- Tue, 2013-03-05 06:54
- Tue, 2013-02-12 06:16