Threat of the month: Java zero-day

Share this article:
Threat of the month: pdf.exe.zip files
Threat of the month: pdf.exe.zip files

What is it?

Yet another zero-day vulnerability in Java Runtime Environment (JRE) that allows remote code execution via browsers.

How does it work?

It can be triggered by a user simply viewing a web page embedding malicious Java content.

Should I be worried?

Yes, many of the Java vulnerabilities being exploited are types of errors that allow code execution in a completely reliable manner. 

How can I prevent it?

Users should upgrade to Java 7 Update 13, which Oracle released in early February – 18 days prior to its scheduled release – in response to reports of the vulnerability being actively exploited. This latest update addresses 50 vulnerabilities for Java SE products. One of these is the new zero-day, though it is currently unclear which one. As attacks targeting Java are increasing, and we could see new zero-days in the immediate future, users should also disable Java in browsers by default, only enabling it for trusted websites when needed.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.