Unpatched Java Flaw Hit in Targeted Attacks, Researchers Say

The zero-day vulnerability affects the most recent version of Java.



Computerworld: Researchers from several security firms are warning about a new attack which targets a vulnerability in Java 7 Update 6, the latest version of Java. The attack code is hosted by a website with a Chinese IP address and delivers malware from servers in Singapore. The malware appears to be a variation of Poison Ivy, a Trojan used for cyberespionage.

"This vulnerability is not a 'memory corruption' type vulnerability, but instead seems to be a security bypass issue that allows running untrusted code outside the sandbox without user interaction," explained Carsten Eiram of security vendor Secunia. "In this specific case a file is downloaded and executed on the user's system when just visiting a web page hosting a malicious applet."

Oracle has not said when it will release a patch for the problem. "We are not aware of any fixes or workarounds except disabling/uninstalling Java," noted Eiram.

Tags: Java, security, malware, trojan, vulnerability, Zero-Day exploit
