Skip to main content

New Java vulnerability is being exploited in the wild

posted onMarch 1, 2013
by l33tdawg

A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to “High” and attempt to avoid executing malicious applets.

This latest flaw was first discovered by security firm FireEye, which says it has already been used “to attack multiple customers.” The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle’s plugin.

This confirms the flaw is indeed a 0-day. For those who don’t know, “0-day” or “zero-day” refers to a security hole that has not been publicly disclosed yet, and so doesn’t have a patch available. Oracle released Java SE 6 Update 41 and Java SE 7 Update 15 on February 19, addressing five security fixes. This was a scheduled release, but it succeeded a previous emergency update that addressed 50 vulnerabilities. In February, Java exploits have resulted in computers being compromised at multiple companies, including Apple, Facebook, and Microsoft.

Source

Tags

Java Security Oracle

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th