Java

New Java security hole affects desktops and servers

Adam Gowdiak, who has made a name for himself by finding flaws in Java, has reported a new vulnerability. Security issue 61, according to Gowdiak’s tally, affects current versions of Java SE 7, including the very latest release version 1.7.0_21-b11. The hole is once again present in the Reflection API and allows attackers to completely bypass …

New Java security hole affects desktops and servers Read More »

Java 8 release schedule delayed for renewed focus on security

ISC Handler Rob V pointed out a blog post from Oracle’s Mark Reinhold stating that Oracle has “mounted an intense effort to address those issues in a series of critical-patch update releases” and that they’ve also upgraded their “development processes to increase the level of scrutiny applied to new code, so that new code doesn’t introduce new …

Java 8 release schedule delayed for renewed focus on security Read More »

Oracle rushes out patch for critical 0-day Java exploit

TheRegister: In an uncommon break with its thrice-annual security update schedule, Oracle has released a patch for three Java 7 security flaws that have recently been targeted by web-based exploits. “Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,” Eric Maurice, the company’s director …

Oracle rushes out patch for critical 0-day Java exploit Read More »

Java zero day vulnerability actively used in targeted attacks

ZDNet: Security researchers from FireEye, AlienVault, and DeependResearch have intercepted targeted malware attacks utilizing the latest Java zero day exploit. The vulnerability affects Java 7 (1.7) Update 0 to 6. It does not affect Java 6 and below. Based on related reports, researchers were able to reproduce the exploit on Windows 7 SP1 with Java …

Java zero day vulnerability actively used in targeted attacks Read More »

Apple releases Java update with Flashback removal tool

The H-Online: As expected, Apple has released an updated version of the Java implementation for its Mac OS X operating system that includes a removal tool for the Flashback trojan. According to the company, the update, labelled “Java for OS X 2012-003“, finds and removes the “most common variants” of the malware which had infected …

Apple releases Java update with Flashback removal tool Read More »

Java SE updates fix critical security holes

The H-Online: Oracle has fixed 14 security holes in the Java Standard Edition (Java SE) with a critical patch update. The vulnerabilities allow attackers to use specially crafted Java WebStart applications or web services in order to install malicious code on computers that run flawed versions of Java. Oracle says that such flawed versions are …

Java SE updates fix critical security holes Read More »

Java 6 Update 27 released

Java SE 6 Update 27The full internal version number for this update release is 1.6.0_27-b07 (where “b” means “build”). The external version number is 6u27. HighlightsThis update release contains important enhancements for Java applications: Improved performance and stability Certification for Firefox 5 Update release notes: http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html Complete bug fix list: http://www.oracle.com/technetwork/java/javase/2col/6u27bugfixes-444150.html

Java surpasses Adobe kit as most attacked software

Researcher sees ‘unprecedented wave of Java exploitation’ Oracle’s Java framework has surpassed Adobe applications as the most attacked software package, according to a Microsoft researcher who warned she was seeing “an unprecedented wave of Java exploitation.” The spike began in the third-quarter of last year and has climbed steadily since, according to data reported on …

Java surpasses Adobe kit as most attacked software Read More »