Tag Archives: Oracle

Urgent Fix for Zero-Day Mac Java Flaw

April 4, 2012

Apple on Monday released a critical update to its version of Java for Mac OS X systems that plugs at least a dozen security holes in the program. More importantly, the patch includes fixes for a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.

New Java Attack Rolled into Exploit Packs

March 27, 2012

If your computer is running Java and you have not updated to the latest version, you may be asking for trouble: A powerful exploit that takes advantage of a newly-disclosed security hole in Java has been rolled into automated exploit kits and is rapidly increasing the success rates of these tools in attacking vulnerable Internet users.

Critical Java Update Fixes 20 Flaws

October 20, 2011

Oracle Corp. released a critical update to plug at least 20 security holes in versions of its ubiquitous Java software. Nearly all of the Java vulnerabilities can be exploited remotely to compromise vulnerable systems with little or no help from users.

If you use Java, take some time to update the program now. According to a report released this month by Microsoft, the most commonly observed exploits in the first half of 2011 were those targeting Java flaws. The report also notes that Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters.

Crimepack: Packed with Hard Lessons

August 5, 2010

Exploit packs — slick, prepackaged bundles of commercial software that attackers can use to booby-trap hacked Web sites with malicious software — are popular in part because they turn hacking for profit into a point-and-click exercise that even the dullest can master. But one reason I’ve focused so much on these kits is that they also make it easy to visually communicate key Internet security concepts that often otherwise fall on deaf ears, such as the importance of keeping your software applications up-to-date with the latest security patches.

One of the best-selling exploit packs on the market today is called Crimepack, a kit that I have mentioned at least twice already in previous blog posts. In this post, we’ll take a closer look at the “exploit stats” section of a few working Crimepack installations to get a sense of which software vulnerabilities are most productive for Crimepack customers.

Java Patch Targets Latest Attacks

April 15, 2010

Oracle Corp. has shipped a new version of its Java software that nixes a feature in Java that hackers have been using to foist malicious software. Java 6 Update 20 was released sometime in the last 24 hours, and includes some security fixes, although Oracle’s documentation on that front is somewhat opaque. Most significantly, the update removes a feature that hackers have started using to install malware.