Malware, Network Security, Vulnerability Management

Despite patch, exploits against new Java bug picking up

Researchers at Microsoft are warning that malware taking advantage of a patched Java vulnerability is now being heavily targeted. Detection rates for exploits against the vulnerability (CVE-2012-1723) are now overtaking attacks abusing a previous widely attacked Java bug (CVE-2012-0507), which was used to spread the widespread Flashback trojan that targeted Mac users. Jeong Wook Oh of the Microsoft Malware Protection Center wrote Wednesday in a blog post that the latest vulnerability, classed as a type confusion flaw and patched in June, shows "a high success rate with exploitation when Java Runtime Environment is not updated to the latest secure version."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.