Threat of the month: Java zero-day

Share this article:
Threat of the month: pdf.exe.zip files
Threat of the month: pdf.exe.zip files

What is it?

Yet another zero-day vulnerability in Java Runtime Environment (JRE) that allows remote code execution via browsers.

How does it work?

It can be triggered by a user simply viewing a web page embedding malicious Java content.

Should I be worried?

Yes, many of the Java vulnerabilities being exploited are types of errors that allow code execution in a completely reliable manner. 

How can I prevent it?

Users should upgrade to Java 7 Update 13, which Oracle released in early February – 18 days prior to its scheduled release – in response to reports of the vulnerability being actively exploited. This latest update addresses 50 vulnerabilities for Java SE products. One of these is the new zero-day, though it is currently unclear which one. As attacks targeting Java are increasing, and we could see new zero-days in the immediate future, users should also disable Java in browsers by default, only enabling it for trusted websites when needed.

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Maryland hospital employees face tax fraud following breach

A University of Pittsburgh Medical Center spokeswoman announced that at least 788 employees were victims of tax fraud as a result of a February attack.

Donation campaign launched, aimed at OpenSSL audit

Bugcrowd, an Australian security start-up, will organize the funding drive in hopes to further secure the open source software.

New VOICE website a resource tool for cyber crime victims

A new website created to aid consumers in quickly reporting cyber crime is now available.