Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
Apple has released a third update related to Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan, and disables Java by default.
The company said it is creating software that will detect and remove Flashback, as well as coordinating with global ISPs to dismantle the botnet's infrastructure.
Security experts are backing up one anti-virus vendor's estimate of the massive size of a Mac trojan botnet.
It's time for Apple to step up its game when it comes to dealing with security threats.
Visiting a well-trafficked, seemingly trusted website won't necessarily save web surfers from getting malware installed on their computers, according to security firm Barracuda Networks.
Enterprise users of Java for the Mac OS X should ensure their machines are updated with the latest security patch from Apple, released Tuesday.
A live exploit is making the rounds that takes advantage of a bug in Java, which has already been patched, but hasn't yet made its way to Mac OS X users.
Oracle on Wednesday pushed updates for its Java Standard Edition (SE) to address 14 vulnerabilities
Automated attackers are trawling the web for vulnerable WordPress blogs so they can silently redirect users to dangerous exploits. So far, however, the number of victims is in the hundreds.
An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.
In its February Critical Patch Update (CPU) released this week, Oracle is patching 21 vulnerabilities across its popular Java SE and Java for Business products. In a release, the company said 19 of the Java flaws affecting the Java Runtime Environment could be exploited remotely in network attacks without needing a username and password. Eight of the patches come with the highest rating on the Common Vulnerability Scoring System (CVSS). Oracle is "strongly" urging customers to apply the new fixes, as well as previous patches, as soon as possible. - GM
Apple this week released security updates for Java for Mac OS X Leopard (10.5) and Snow Leopard (10.6), but hinted in its release notes that the software may be removed from future versions of its operating systems. The updates, here and here, fix several bugs that could allow an attacker to execute arbitrary code, according to a Thursday advisory from US-CERT. "Developers should not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X," the release notes state. The Java runtime shipping in Leopard and Snow Leopard will, however, continue to be supported, Apple said. The declaration from Apple comes the same week as Microsoft warned of mass exploitation of Java to foist malware. — AM
The number of attacks on vulnerable Java code spiked during the third quarter of the year and have reached "unprecedented" levels, a Microsoft malware expert said on Monday.
Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.
A Firefox developer has discovered a new phishing attack method dubbed "tabnabbing," which preys on browser tabs and the fact that users generally don't keep track of all the tabs they have open at one time.
After the release last week of its new Snow Leopard operating system, Apple has issued a security update for the Java component in its Leopard OS, Mac OSX 10.5.
Sign up to our newsletters
SC Magazine Articles
- 'MEDJACK' tactic allows cyber criminals to enter healthcare networks undetected
- Samsung devices, including Galaxy S6, vulnerable to remote code execution
- Dridex banking malware spreading through new spam campaign
- U.S., China agree to cybersecurity code of conduct
- Suspicious activity on LastPass network, data compromised
- Former Georgia-Pacific sysadmin charged with damaging protected computers
- Harvard University announces network intrusion, possible data exposure
- Saboteurs leverage RIPv1 for DDoS reflection attacks
- More than 440K new Android malware strains found in Q1, study finds
- Apple releases OS X 10.10.4 and iOS 8.4, numerous bugs addressed