Carsten Eiram, chief research officer, Risk Based Security
March 01, 2013
Threat of the month

Threat of the month: Java zero-day

IE exploits are the "Threat of the Month"
IE exploits are the "Threat of the Month"

What is it?

Yet another zero-day vulnerability in Java Runtime Environment (JRE) that allows remote code execution via browsers.

How does it work?

It can be triggered by a user simply viewing a web page embedding malicious Java content.

Should I be worried?

Yes, many of the Java vulnerabilities being exploited are types of errors that allow code execution in a completely reliable manner. 

How can I prevent it?

Users should upgrade to Java 7 Update 13, which Oracle released in early February – 18 days prior to its scheduled release – in response to reports of the vulnerability being actively exploited. This latest update addresses 50 vulnerabilities for Java SE products. One of these is the new zero-day, though it is currently unclear which one. As attacks targeting Java are increasing, and we could see new zero-days in the immediate future, users should also disable Java in browsers by default, only enabling it for trusted websites when needed.

From the March 2013 Issue of SCMagazine »
Related Articles
Related Topics
close

Next Article in News

Sign up to our newsletters

More in News

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.

WordPress tightens security with two-factor authentication

The new feature is immediately available for users and "secret" codes can be accessed via SMS or through the Google Authenticator app.

Microsoft fixes three "critical" flaws with Patch Tuesday release

The biggies are two vulnerabilities in Internet Explorer and a single weakness in Remote Desktop Connection.