Java

New Java exploit on the loose following recent security update

New Java exploit on the loose following recent security update

By

In addition to the exploit, which leverages a recently patched bug, a researcher has discovered a fresh vulnerability in the newly minted version of Java SE.

Java 8 release pushed back due to security concerns

By

Mark Reinhold, the chief architect of the Java platform group, announced the delay late last week.

Oracle releases 42 fixes for Java bugs as part of wider security update

By

An improved notification system will help protect users from running risky applications from untrusted sources.

Oracle pushes patch for Java vulnerability after exploit reports surface

By

The company apparently was able to distribute a fix so quickly because it actually learned of this vulnerability on Feb. 1, but wasn't able to include a patch in the Feb. 19 update to Java.

As exploits climb, Oracle patches Java 7

By

Responding to a widening outbreak of Java malware, Oracle on Sunday dispensed an urgent fix for the latest version of the software platform.

Java zero-day infections pick up steam

By

Kaspersky researchers have detected that distribution of the exploit is at least in the thousands, with the majority of impacted users located in the U.S., Russia and Germany.

New Java zero-day exploit could spread "mayhem"

By

The vulnerability already has been added to commercially available attack toolkits, such as BlackHole and Nuclear Pack.

Update uninstalls Apple-provided Java plug-in

By

One day after Oracle released a massive security update, which included fixes for a number of Java vulnerabilities, Apple shipped its own update for Java for Mac OS X.

Java thrashing continues with new vulnerabilty discovery

By

The latest flaw affecting Java SE could allow an attacker to take over machines through a complete security sandbox bypass. But, so far, there have been no reports of active exploits.

IE zero-day exploit linked to Java 7 attackers

By

Researchers believe the Nitro crime gang, also behind Oracle's Java zero-day exploit, launched recent attacks through a vulnerability in Internet Explorer 9 and earlier versions.

Researchers: Oracle will address new Java flaw next month

By

Security firm Security Explorations discovered the new vulnerability, which, when combined with other still-unpatched weaknesses in Java, could allow for a complete bypass of the Java Virtual Machine sandbox in the environment of the latest Java SE software.

Apple issues Java updates after Oracle emergency patch

By

Apple has released Java updates to patch vulnerabilities in Mac OS X Lion, Mountain Lion and Snow Leopard.

Déjà vu? Oracle may be dealing with another Java exploit

By

Hours after the company that maintains Java released a much-anticipated patch for a widespread malware attack, Polish firm Security Explorations said it discovered a new vulnerability in the software platform.

Oracle issues emergency fix for Java security vulnerabilities

By

Patch alert: In a rare, if not unprecedented, move, Oracle on Thursday issued an out-of-cycle patch for gaping holes in Java 7 that have been widely exploited to spread malware.

Java exploit in BlackHole shows immediate success

By

In light of the fast-spreading Java 7 exploit, Mozilla has become the first browser maker to suggest users disable Java functionality.

As a Java zero-day spreads, disclosure questions arise

By

As expected, exploits taking advantage of gaping holes in Java now are growing in prominence -- and the big question is: When will Oracle patch the issue?

New Java exploit on the loose, unofficial patch may help

By

A new Java exploit is expected to become more widespread now that proof-of-concept code has been published. Oracle isn't scheduled to update Java until October.

Despite patch, exploits against new Java bug picking up

Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users.

Black Hat: Most Java malware exploits "type confusion" vulnerability

By

A researcher investigated Java exploits, and drew on one well-know example, to explain how one of the most common classes of attack spreads.

Hackers add Java exploit to BlackHole toolkit

By

The commercially available and automated BlackHole exploit kit has been updated to include exploit functionality for a recently patched Java vulnerability, and attacks are now happening in the wild.

Java updates from Oracle and Apple come on same day

By

Traditionally, Apple has taken some time to release updates for its own version of third-party software. But that may be changing if Tuesday's concurrent patches for Java are any guide.

Exploits greeting users at foreign policy, human rights sites

By

A host of websites, including the U.S.-based Center for Defense Information, have been compromised with malicious code in order to target and infect visitors.

Sign up to our newsletters

POLL