Unpatched Java Flaw Hit in Targeted Attacks, Researchers Say

Computerworld: Researchers from several security firms are warning about a new attack that targets a vulnerability in Java 7 Update 6, the latest version of Java. The attack code is hosted on a website with a Chinese IP address and delivers malware from servers in Singapore. The malware appears to be a variant of Poison Ivy, a Trojan used for cyberespionage.

"This vulnerability is not a 'memory corruption' type vulnerability, but instead seems to be a security bypass issue that allows running untrusted code outside the sandbox without user interaction," explained Carsten Eiram of security vendor Secunia. "In this specific case a file is downloaded and executed on the user's system when just visiting a web page hosting a malicious applet."

Oracle has not said when it will release a patch for the problem. "We are not aware of any fixes or workarounds except disabling/uninstalling Java," noted Eiram.
