Thursday, August 30, 2012

Java Zero Day Flaw Under Attack

Taken from: Experts Suggest Disabling Java after Zero-Day Flaw Discovery

Security firm FireEye released information yesterday on a Java flaw that has been seen in targeted attacks in the wild, and has been tested to work on most major Web browsers for both Mac and PC.

According to researchers, all versions of Java (including Java 7 Update 6) are susceptible to attack, and exploitation can lead to the installation of malware on a system.

The hole is due to an issue in how the "setSecurityManager()" function in Java is called. Attackers can exploit this issue to set their own privileges on a targeted system, allowing the downloading and execution of malicious software.

Read on for more information...

Proposed workaround:
  1. Read US-CERT Vulnerability Note VU#636312

Other Information:
  1. Warning: Java Zero Day Flaw Under Attack
