Java security vulnerability patched in February is now being used widely by criminals to install malware.Īnalysis: Patch! Watch for outdated Java on the network as the presence of old Java User-Agents is often a sign that a system has been exploited and Java is now doing the attackers bidding, typically downloading something evil. For Oracle Java SE Critical Patch Updates, the next three dates are:Ĭritical Java hole being exploited on a large scale. Keeping old and unsupported versions of Java on your system presents a serious security risk.'. In slight modification of Oracle's own words: ' We highly recommend users remove all older versions of Java from your system. Such exploits also pay off for the attackers who launch targeted attacks, as many targets do not patch in a timely manner." While Metasploit is intended for authorized penetration testing purposes, attackers have no such scruples and will happily leverage freshly published exploit code to develop their own and incorporate the exploit into their malware kits. "Exploit code is available for a recently patched Java vulnerability.Īnalysis: Oracle patched a series of Java security issues in February and at least one of these issues now has publicly available exploit code, as published in the Metasploit framework. ZDI-12-039: Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution Java exploit code available for recently patched vuln.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |