Threat of the month: Java exploits


What is it?

Remote code execution vulnerabilities affecting Java prior to version 7 Update 25. They allow a complete sandbox bypass via browsers and let attackers gain access to the affected system.

How does it work?

Issues fixed in the update include memory corruption as well as arbitrary method invocation vulnerabilities. Some of these issues can be leveraged by convincing a user to visit a web page that contains malicious Java content. 

Should I be worried?

Yes. Exploits for some of the vulnerabilities are now beginning to surface in frameworks like Metasploit, which equips attackers with fully working exploits. Users should exercise caution when visiting untrusted websites if their systems are not fully patched.

How can I prevent it?

Oracle has issued version 7 Update 25, which fixes the vulnerabilities, and any system using an older version should update. Additionally, Java now has the default security level of “High,” which makes it harder for attackers to run untrusted applets on a victim's system.
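To find systems that still need the update, the version banner printed by `java -version` can be checked against 7 Update 25. The following is an added example, not part of the original article; the sample banners are constructed, and treating Java 6 and earlier as "older" is an assumption based on the article's wording.

```python
import re

# Fixed release named in the article: Java 7 Update 25.
FIXED = (7, 25)

# Legacy scheme used by Java 8 and earlier, e.g. "1.7.0_21"; an initial
# release such as "1.7.0" carries no update number and counts as update 0.
_LEGACY = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')
# Scheme used from Java 9 onward, e.g. "11.0.2" or "17".
_MODERN = re.compile(r'version "(\d+)(?:\.\d+)*[^"]*"')


def parse_java_version(banner):
    """Return (major, update) from `java -version` output, or None."""
    m = _LEGACY.search(banner)
    if m:
        return int(m.group(1)), int(m.group(2) or 0)
    m = _MODERN.search(banner)
    if m:
        return int(m.group(1)), 0
    return None


def needs_update(banner):
    """True when the banner reports a release older than 7 Update 25.

    Assumption: Java 6 and earlier also count as older. A banner that
    cannot be parsed is flagged too, so it gets reviewed by hand.
    """
    parsed = parse_java_version(banner)
    return parsed is None or parsed < FIXED


# Constructed sample banners (`java -version` writes its banner to stderr).
SAMPLES = [
    'java version "1.7.0_21"\nJava(TM) SE Runtime Environment',
    'java version "1.7.0_25"\nJava(TM) SE Runtime Environment',
    'java version "1.6.0_45"\nJava(TM) SE Runtime Environment',
    'openjdk version "11.0.2"',
    'not a java banner',
]

if __name__ == "__main__":
    for banner in SAMPLES:
        first_line = banner.splitlines()[0]
        status = "UPDATE NEEDED" if needs_update(banner) else "ok"
        print(f"{status:14} {first_line}")
```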
