Security Market Segment LS
Wednesday, 29 August 2012 08:47

Java zero-day affects multiple platforms

By

A serious Java vulnerability is being exploited in the wild.

US-CERT is warning of a recently discovered vulnerability in Oracle Java Runtime Environment (JRE) 1.7 (Java 7) that can be exploited to run arbitrary code.

According to the vulnerability note, "an untrusted Java applet can escalate its privileges... without requiring code signing."

"This vulnerability is being actively exploited in the wild, and exploit code is publicly available," warned US-CERT.

An exploit for the vulnerability has been added to the Metasploit exploit kit.

The vulnerability appears to affect Java 7 regardless of the operating system or browser; Windows, Mac OS X and Linux versions of Java 7 are known to be vulnerable.

The vulnerability has initially been used to deliver Windows malware, but that could easily change as Java vulnerabilities have been used in most recent Mac malware attacks.

The vulnerability is specific to Java 7 - earlier versions are not affected.

Page 2: upgrade schedule and mitigations

 


The next Java update is scheduled for October 16.

"Oracle has a bad track record for releasing timely patches for Java exploits, but with all the attention this flaw is getting I would hope it would release an out of cycle fix if for no other reason than to save face," said Chester Wisniewski, senior security advisor at security vendor Sophos.

In the absence of a fix from Oracle, interim measures include disabling the Java plug-in, but care should be taken to ensure this is done for each browser installed on a particular system.

The US-CERT vulnerability note provides instructions or links to instructions for disabling Java in Chrome, Firefox, Internet Explorer and Safari.

(Java 7 is not accessible by Chrome on Mac OS X, as Chrome is a 32-bit browser and Java 7 provides a 64-bit plug-in.)

A more radical response is to remove Java entirely unless it is really needed for particular functions.

Another mitigation for Firefox users is to use the NoScript extension to whitelist trusted sites.


Subscribe to Newsletter here

WEBINAR INVITE: Exploring Emerging Strategies for 5G Monetization

Network Operators continue to invest in 5G and build out their infrastructure.

With the recent impact of world events, the pressure is on to explore additional ways beyond traditional subscription models to monetize existing investments and speed up returns.

Creative thinking is key in this space, and in this webinar, you will learn about innovative ideas for Network Operators and Enterprise Business to enable new services and opportunities to drive incremental revenue.

Join us for this thought-provoking webinar with ITR Analyst, Marc Einstein, where you will learn about:

- Key industry 5G trends
- How COVID-19 is driving innovation and potential new business opportunities and applications for 5G

Click below to register your interest for the AUGUST 26, 4PM WEBINAR (AEST)

REGISTER NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

BACK TO HOME PAGE

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

ResearchWire

Guest Research & Case Studies

Channel News

Comments