1

Another Java Zero-Day Vulnerability Hits Black Market

view story
linux-howto

http://forums.fedoraforum.org – 1. Java Security 'Fix' Is Disguised Malware Attack https://www.informationweek.com/secu...hits/240146416 Quote: Call it malware cash and carry: Less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offering a brand-new Java bug for sale. 2. Latest Java Update Broken; Two New Sandbox Bypass Flaws Found https://threatpost.com/en_us/blogs/l...s-found-011813 (HowTos)

leex's picture
Submitted by leex on 01/19/2013

Stories similar to Another Java Zero-Day Vulnerability Hits Black Market

http://arstechnica.com/security/2012...urity-sandbox/

Quote:

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs.

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security flaw in Java SE 7 letting attackers take complete control of PCs.

Emergency software update repairs vulnerability that could allow remote attackers to execute arbitrary code.

Oracle Java 7u10 has been released recently. Although not strictly speaking a security update, it does have security related enhancements which make updating advisable: http://www.oracle.com/technetwork/ja...s-1880995.html

Update instructions for a manual installation: https://sites.google.com/site/easylinuxtipsproject/java

SuSE: 2010-028: IBM Java 5 2 years 49 weeks ago

LinuxSecurity.com: This update of IBM Java 1.5.0 to SR11 FP2 brings various bug and lots of security fixes. Following security issues were fixed: CVE-2010-0084: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 [More...]

http://www.theregister.co.uk/2012/08...w_about_flaws/

closed source for corruption! microshaft, now oracle!

Quote:

The critical Java vulnerabilities that have security experts cautioning users to disable Java in their browsers are not new discoveries, a security firm claims.

Written by: Stephen Withers | Published in: SecurityIt turns out that 'soon' really can mean 'very soon indeed.' On Friday, an Oracle spokesperson said a Java update to fix a serious vulnerability that was being exploited would be available soon - it's here already.

Oracle has outlined at JavaOne, a conference that takes place in San Francisco, the future of the Java platform.

Hasan Rizvi, executive vice president, Oracle Fusion Middleware and Java, and the Oracle Java Development team leaders explained that beginning with the Java SE 7 Update 6, released in August of 2012, consumers and developers have access to the latest Java SE features and security upda

Written by: Stephen Withers | Published in: SecurityA security researcher has revealed another critical security vulnerability in Java.