New analysis of a zero-day Java exploit that surfaced last week indicates that it takes advantage of not one but two previously unknown vulnerabilities in the widely-used software. The latest figures suggest that more than a billion users may be vulnerable to attack.
There must have been some rare planetary alignment yesterday, because the oddest thing happened: Apple and Oracle both shipped software updates for the same Java security flaws on the very same day.
An earlier version of this blog post incorrectly stated that Oracle had shipped security updates for its Java software. Oracle did push out an update for Java earlier this month — Java 6 Update 32 — but the new version… Read More »
Apple on Monday released a critical update to its version of Java for Mac OS X systems that plugs at least a dozen security holes in the program. More importantly, the patch includes fixes for a flaw that attackers have recently pounced on to broadly deploy malicious software, both on Windows and Mac systems.
If your computer is running Java and you have not updated to the latest version, you may be asking for trouble: A powerful exploit that takes advantage of a newly-disclosed security hole in Java has been rolled into automated exploit kits and is rapidly increasing the success rates of these tools in attacking vulnerable Internet users.
Oracle Corp. released a critical update to plug at least 20 security holes in versions of its ubiquitous Java software. Nearly all of the Java vulnerabilities can be exploited remotely to compromise vulnerable systems with little or no help from users.
If you use Java, take some time to update the program now. According to a report released this month by Microsoft, the most commonly observed exploits in the first half of 2011 were those targeting Java flaws. The report also notes that Java exploits were responsible for between one-third and one-half of all exploits observed in each of the four most recent quarters.
Oracle today released a critical update to its widely-installed Java software, fixing at least 29 security vulnerabilities in the program. Most consumers on Microsoft Windows PCs will have some version of Java installed (if you’re not sure whether you have… Read More »
Exploit packs — slick, prepackaged bundles of commercial software that attackers can user to booby-trap hacked Web sites with malicious software — are popular in part because they turn hacking for profit into a point-and-click exercise that even the dullest can master. But one reason I’ve focused so much on these kits is that they also make it easy to visually communicate key Internet security concepts that often otherwise fall on deaf ears, such as the importance of keeping your software applications up-to-date with the latest security patches.
One of the best-selling exploit packs on the market today is called Crimepack, a kit that I have mentioned at least twice already in previous blog posts. In this post, we’ll take a closer look at the “exploit stats” section of a few working Crimepack installations to get a sense of which software vulnerabilities are most productive for Crimepack customers.
Apple has pushed out an update that fixes at least 30 security vulnerabilities in its version of Java for Mac OS X systems. The patch appears to fix a flaw in Java that Oracle shipped more than a month ago… Read More »
Mozilla is disabling the Java Development Toolkit plugin for Firefox users, in a bid to block attacks against a newly-discovered Java security hole that attackers have been exploiting of late to install malicious code.
