Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.
A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.
Apple has released a third update related to Flashback, but this time, the patch comes with a detection and removal capability for the prolific trojan, and disables Java by default.
The company said it is creating software that will detect and remove Flashback, as well as coordinating with global ISPs to dismantle the botnet's infrastructure.
Security experts are backing up one anti-virus vendor's estimate of the massive size of a Mac trojan botnet.
It's time for Apple to step up its game when it comes to dealing with security threats.
Visiting a well-trafficked, seemingly trusted website won't necessarily save web surfers from getting malware installed on their computers, according to security firm Barracuda Networks.
Enterprise users of Java for Mac OS X should ensure their machines are updated with the latest security patch from Apple, released Tuesday.
A live exploit is making the rounds that takes advantage of a bug in Java, which has already been patched, but hasn't yet made its way to Mac OS X users.
Oracle on Wednesday pushed updates for its Java Standard Edition (SE) to address 14 vulnerabilities.
Automated attackers are trawling the web for vulnerable WordPress blogs so they can silently redirect users to dangerous exploits. So far, however, the number of victims is in the hundreds.
An update from Oracle clears up, among other vulnerabilities, an issue that caused Java 6 Update 29 to break SSL connectivity. Meanwhile, Adobe offered a fix for its ColdFusion development platform.
A new exploit, which has made its way into the Metasploit framework, underscores the danger posed by Java vulnerabilities, which are responsible for many of today's enterprise malware threats.
In its February Critical Patch Update (CPU) released this week, Oracle is patching 21 vulnerabilities across its popular Java SE and Java for Business products. In a release, the company said 19 of the Java flaws affecting the Java Runtime Environment could be exploited remotely in network attacks without needing a username and password. Eight of the patches come with the highest rating on the Common Vulnerability Scoring System (CVSS). Oracle is "strongly" urging customers to apply the new fixes, as well as previous patches, as soon as possible. - GM
Apple this week released security updates for Java for Mac OS X Leopard (10.5) and Snow Leopard (10.6), but hinted in its release notes that the software may be removed from future versions of its operating systems. The updates fix several bugs that could allow an attacker to execute arbitrary code, according to a Thursday advisory from US-CERT. "Developers should not rely on the Apple-supplied Java runtime being present in future versions of Mac OS X," the release notes state. The Java runtime shipping in Leopard and Snow Leopard will, however, continue to be supported, Apple said. The declaration from Apple comes the same week as Microsoft warned of mass exploitation of Java to foist malware. — AM
The number of attacks on vulnerable Java code spiked during the third quarter of the year and has reached "unprecedented" levels, a Microsoft malware expert said on Monday.
Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.
A Firefox developer has discovered a new phishing attack method dubbed "tabnabbing," which preys on browser tabs and the fact that users generally don't keep track of all the tabs they have open at one time.
After the release last week of its new Snow Leopard operating system, Apple has issued a security update for the Java component in its Leopard OS, Mac OS X 10.5.