Friday, January 11, 2013

New Java 7 Exploit In The Wild,
Coming Soon To A Mac Near You!

--
Just Turn Java OFF.

Oracle's Java 7, ALL versions (v1.7 update 10, aka 7u10, on down), has a newly discovered security hole that is being exploited in-the-wild on Linux, Windows and UNIX. That 'UNIX' exploit means malware will immediately be coming to Mac.

Surprised? Not me!

CVE-2013-0422 describes the security hole as:
Unspecified vulnerability in Oracle Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via unknown vectors, possibly related to "permissions of certain Java classes," as exploited in the wild in January 2013, and as demonstrated by Blackhole and Nuclear Pack.
SecurityTracker provides further details:
A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user. 
This vulnerability is being actively exploited. 
Several exploit kits include an exploit for this vulnerability....  
No solution was available at the time of this entry.
The source report about in-the-wild exploit malware can be found here:


Quoting the article:
Hundreds of thousands of hits daily where i found it. This could be a mayhem. I think it's better to make some noise about it.
I'll post when the 'mayhem' hits the Mac community, which will likely be any minute now...
--


2 comments:

  1. come to our website
    java training that is the largest professional java training site where java,
    java training, online java course, java training in Virginia,
    java programming are available

    more detail.......
    online java course
    java programming
    java training in Virginia

    ReplyDelete
  2. I am basically not a programmer and I am comparatively new to Java technology , so I was wondering what all topics should be covered up if i have to start java from the start and has any one
    studied or got any info regarding this 6 week java training online course http://www.wiziq.com/course/12145-the-6-week-complete-java-primer-with-training-certificate and should we also have knowledge of C language before we further move on to Advance Java topics??

    ReplyDelete