Java’s latest security problems: New flaw identified, old one attacked

siljaline · Mar 5, 2013

Another out of band update for Java * H/T * @ Corrine

AlexC · Mar 5, 2013

Rmus said:

I suppose we all have our own ideas as to what constitutes a properly configured machine!

Regarding Java, properly configured for me would be white listing the plug-in per site , so that upon encountering a redirection exploit, the code on the redirected web site would not run:
Click to expand...

Is this needed if one doesnt have Java installed? Or is this related with JavaScript? thanks

Rmus · Mar 5, 2013

AlexC said:

Is this needed if one doesnt have Java installed?
Click to expand...

No. If no Java application, there is nothing to exploit!

Or is this related with JavaScript? thanks
Click to expand...

Not related. They are different codes.

----
rich

AlexC · Mar 6, 2013

Rmus said:

No. If no Java application, there is nothing to exploit!

Not related. They are different codes.

----
rich
Click to expand...

Thanks for the clarification!

TheKid7 · Mar 6, 2013

Oracle ships out-of-band Java fix, Apple follows suit:

http://nakedsecurity.sophos.com/2013/03/06/oracle-ships-out-of-band-java-fix-apple-follows-suit/

ronjor · Mar 6, 2013

Java security woes to stay with businesses for a long time

By Antone Gonsalves, CSO

CSO - Zero-day vulnerabilities, delays in receiving patches and continuous cyberattacks are enough to make any large company want to toss the buggy Java plug-in from browsers. But that seemingly simple solution is not possible for the majority of businesses, which still use the platform for running Web-based Java applications, experts say.
Click to expand...

http://www.networkworld.com/news/2013/030613-java-security-woes-to-stay-267420.html

siljaline · Mar 6, 2013

Thanks, Oracle: New Java malware protection undone by old-school attack Stolen certificate hosted on legit site by default trusted as safe by plugins.

Researchers have found a shortcoming in key security protection recently introduced in the browser plugin for Oracle's Java software framework, a flaw that makes it easier for attackers to sneak malware onto end-user computers.
Click to expand...

Article

BrandiCandi · Mar 9, 2013

It's starting to become more newsworthy when a day goes by without a new Java 0day getting dropped. New Java exploits developed yesterday and Wednesday at pwn2own.

http://arstechnica.com/security/201...ues-as-exploits-take-down-adobe-reader-flash/

Log in or Sign up

Java’s latest security problems: New flaw identified, old one attacked

siljaline Registered Member

AlexC Registered Member

Rmus Exploit Analyst

AlexC Registered Member

TheKid7 Registered Member

ronjor Global Moderator

siljaline Registered Member

BrandiCandi Guest

Log in or Sign up

Java’s latest security problems: New flaw identified, old one attacked

siljaline Registered Member

AlexC Registered Member

Rmus Exploit Analyst

AlexC Registered Member

TheKid7 Registered Member

ronjor Global Moderator

siljaline Registered Member

BrandiCandi Guest

Useful Searches