A serious new vulnerability notice about Java exploits has been issued by the Department of Homeland Security’s Cybersecurity Division. Java 7 Update 10 and earlier contain a vulnerability that can allow a remote attacker to execute malware on vulnerable systems.A French researcher called Kafeine discovered that a number of websites using the exploit are able […]
As we’ve discussed in previous posts, we are seeing more malware abusing Java issues, including CVE-2012-4681. Currently this vulnerability is an 0-day, and to date there is no patch available from the vendor. It is known that JRE (Java Runtime Environment) 7 is vulnerable to attack on this sandbox-breach vulnerability, while JRE 6 is not. […]
The last few months we have seen a drastic increase in Java-based malware abusing the CVE-2012-0507 AtomicReferenceArray type-confusion vulnerability. In addition to that, a few weeks ago, a new Java vulnerability was found (CVE-2012-1723); it is also a type-confusion vulnerability. The attack abusing this new vulnerability is also very active. Traditionally, Java has a strong […]
Latest Comments