August 03, 2012

Despite patch, exploits against new Java bug picking up

Researchers at Microsoft are warning that malware taking advantage of a patched Java vulnerability is now being heavily targeted. Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users. Jeong Wook Oh of the Microsoft Malware Protection Center wrote Wednesday in a blog post that the latest vulnerability, classed as a type confusion flaw and patched in June, shows "a high success rate with exploitation when Java Runtime Environment is not updated to the latest secure version."
Related Articles
Related Topics

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.