MacNN Forums (http://forums.macnn.com/)
-   Tech News (http://forums.macnn.com/tech-news/)
-   -   Researchers discover new, in-use vulnerability in Java (http://forums.macnn.com/113/tech-news/498550/researchers-discover-new-use-vulnerability-java/)

 
NewsPoster Mar 1, 2013 04:07 PM
Researchers discover new, in-use vulnerability in Java
A new vulnerability has been discovered in the latest versions of Java, v1.6 Update 41 and v1.7 Update 15, say researchers from security firms FireEye and Kaspersky Lab. Critically the bug is already being exploited in order to download and install a remote access tool, "McRAT," on targeted computers. The malware is being spread through a JPG file hosted on a Japanese website.<br /><br />FireEye <a href="http://macnn.com/rd/280212==http://www.pcworld.com/article/2029741/another-java-flaw-exploited-security-researchers-warn.html" rel='nofollow'>remarks</a> that the current exploit is inconsistent. It attempts to break through Java security measures by overwriting a large memory chunk, but sometimes fails to download the malware, instead crashing the Java Virtual Machine. Kasperky meanwhile observes that while the attack works against Java 7 Update 15, it fails against older versions.

This week's discovery represents the third zero-day Java exploit this year, and has forced Oracle to play a cat-and-mouse game, <a href="http://macnn.com/rd/280213==http://www.electronista.com/articles/13/02/20/third.emergency.update.may.be.the.charm.for.recent .malware.issues/" rel='nofollow'>releasing a string of unplanned updates</a> to keep up. Apple has meanwhile taken steps of its own to protect OS X, not only posting Mac-native Java updates, but in some cases blocking Java outright until Oracle can produce a patch.
 
Makosuke Mar 1, 2013 06:29 PM
Ouch
It's honestly getting to the point where, if I were a browser vendor, I'd just remove support for a Java plugin from the browser entirely. The tiny number of people who use Java-based applets that you'd annoy would be minuscule compared to the vast number of people you'd benefit, and some niche browser that did support in-window Java would probably take over for the professionals who actually need the feature.
 
All times are GMT -4. The time now is 12:14 AM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2015, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2