Oracle releases critical security updates for Java
Posted on 19 June 2013.
Oracle released 40 new Java security fixes. 37 of the vulnerabilities may be remotely exploitable without authentication, meaning they may be exploited over a network without the need for a username and password.



Jeremiah Grossman, CTO and Founder of WhiteHat Security, comments: "Java is definitely a cesspool of vulnerabilities waiting to be discovered, some of which will be patched and exploited. The thing to closely monitor is how fast end-users are actually patching, not just how many vulnerabilities are being addressed when the patch is made available. The Java ecosystem is notoriously slow, which is why I recommend uninstalling Java unless you really need it, then you don't have to worry about the endless slew of patches."

Ross Barrett, senior manager of security engineering at Rapid7, comments: "Of today's 40 fixes in Oracle's Java SE CPU, 37 are remotely exploitable. The majority are vulnerable through browser plugins, 11 of which are exploitable for complete control of the underlying operating system.

The latest versions of Java 7, 6 and 5 are all vulnerable to most of these conditions. It's highly likely that earlier versions are also vulnerable.

Java servers are affected by 4 of the disclosed issues, the worst of which scores a CVSS score of 7.5 out of 10 in terms of base risk.

The recommendation here, as always, is for all users to patch as quickly as possible. There are a good number of researchers that have been credited for these fixes and it's likely that Proof of Concept code will be released now that patches are available."





COPYRIGHT 1998-2014 BY HELP NET SECURITY.