Java Security

Researchers: Oracle will address new Java flaw next month

Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.

Exploits greeting users at foreign policy, human rights sites

A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.

Third Apple Java update rids infections and turns off Java

Apple has released a third update related to Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan, and disables Java by default.

Apple says it is working to shut down Flashback infections

The company said it is creating software that will detect and remove Flashback, as well as coordinating with global ISPs to dismantle the botnet's infrastructure.

Apple releases another update to quell Flashback spread

Security experts are backing up one anti-virus vendor's estimate of the massive size of a Mac trojan botnet.

Apple is the richest company in the world, but it's not very good at dealing with malware

It's time for Apple to step up its game when it comes to dealing with security threats.

Report: Top-ranking websites serve malware, too

Visiting a well-trafficked, seemingly trusted website won't necessarily save web surfers from getting malware installed on their computers, according to security firm Barracuda Networks.

Apple updates Java after malware spreads

Enterprise users of Java for the Mac OS X should ensure their machines are updated with the latest security patch from Apple, released Tuesday.

"Flashback" trojan targets Mac computers

A live exploit is making the rounds that takes advantage of a bug in Java, which has already been patched, but hasn't yet made its way to Mac OS X users.

Oracle patches highly exploited Java for 14 flaws

Oracle on Wednesday pushed updates for its Java Standard Edition (SE) to address 14 vulnerabilities.

WordPress attacks try to infect users with dangerous rootkit

Automated attackers are trawling the web for vulnerable WordPress blogs so they can silently redirect users to dangerous exploits. So far, however, the number of victims is in the hundreds.

Oracle updates Java, Adobe patches ColdFusion

An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.

New Java exploit one of many impacting firms

A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.

Oracle patches 21 vulnerabilities in Java

In its February Critical Patch Update (CPU) released this week, Oracle is patching 21 vulnerabilities across its popular Java SE and Java for Business products. In a release, the company said 19 of the Java flaws affecting the Java Runtime Environment could be exploited remotely in network attacks without needing a username and password. Eight of the patches come with the highest rating on the Common Vulnerability Scoring System (CVSS). Oracle is "strongly" urging customers to apply the new fixes, as well as previous patches, as soon as possible. - GM

Apple "deprecates" Java in OS X, releases fixes

Apple this week released security updates for Java for Mac OS X Leopard (10.5) and Snow Leopard (10.6), but hinted in its release notes that the software may be removed from future versions of its operating systems. The updates, here and here, fix several bugs that could allow an attacker to execute arbitrary code, according to a Thursday advisory from US-CERT. "Developers should not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X," the release notes state. The Java runtime shipping in Leopard and Snow Leopard will, however, continue to be supported, Apple said. The declaration from Apple comes the same week as Microsoft warned of mass exploitation of Java to foist malware. — AM

Microsoft warns of "unprecedented" Java exploitation

The number of attacks on vulnerable Java code spiked during the third quarter of the year and has reached "unprecedented" levels, a Microsoft malware expert said on Monday.

Oracle issues massive quarterly update with Java fixes

Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.

New phishing technique exploits browser tab use

A Firefox developer has discovered a new phishing attack method dubbed "tabnabbing," which preys on browser tabs and the fact that users generally don't keep track of all the tabs they have open at one time.

Apple issues security updates for Leopard OS

After the release last week of its new Snow Leopard operating system, Apple has issued a security update for the Java component in its Leopard OS, Mac OS X 10.5.
