Security Market Segment LS
Wednesday, 29 August 2012 08:47

Java zero-day affects multiple platforms

By

A serious Java vulnerability is being exploited in the wild.

US-CERT is warning of a recently discovered vulnerability in Oracle Java Runtime Environment (JRE) 1.7 (Java 7) that can be exploited to run arbitrary code.

According to the vulnerability note, "an untrusted Java applet can escalate its privileges... without requiring code signing."

"This vulnerability is being actively exploited in the wild, and exploit code is publicly available," warned US-CERT.

An exploit for the vulnerability has been added to the Metasploit exploit kit.

The vulnerability appears to affect Java 7 regardless of the operating system or browser; Windows, Mac OS X and Linux versions of Java 7 are known to be vulnerable.

The vulnerability has initially been used to deliver Windows malware, but that could easily change as Java vulnerabilities have been used in most recent Mac malware attacks.

The vulnerability is specific to Java 7 - earlier versions are not affected.

Page 2: upgrade schedule and mitigations

 


The next Java update is scheduled for October 16.

"Oracle has a bad track record for releasing timely patches for Java exploits, but with all the attention this flaw is getting I would hope it would release an out of cycle fix if for no other reason than to save face," said Chester Wisniewski, senior security advisor at security vendor Sophos.

In the absence of a fix from Oracle, interim measures include disabling the Java plug-in, but care should be taken to ensure this is done for each browser installed on a particular system.

The US-CERT vulnerability note provides instructions or links to instructions for disabling Java in Chrome, Firefox, Internet Explorer and Safari.

(Java 7 is not accessible by Chrome on Mac OS X, as Chrome is a 32-bit browser and Java 7 provides a 64-bit plug-in.)

A more radical response is to remove Java entirely unless it is really needed for particular functions.

Another mitigation for Firefox users is to use the NoScript extension to whitelist trusted sites.

DIGITAL MARKETING HAS NO SOCIAL DISTANCING OR TRAVEL RESTRICTIONS

As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com

CONTACT US!

LAYER 1 ENCRIPTION A KEY TO CYBER-SECURITY SOLUTION

Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.

DOWNLOAD!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments