Java users beware: Exploit circulating for just-patched critical flaw
If you haven't installed last week's Java update, now would be a good time.
If you haven't installed last week's patch from Oracle that plugs dozens of critical holes in its Java software framework, now would be a good time. As in immediately. As in, really, right now.
In the past few days, attack code targeting one of the many remote-code-execution vulnerabilities fixed in Java 7 Update 21 was folded into either the RedKit or CrimeBoss exploit kit. By Sunday, that attack code was being actively unleashed on unsuspecting end users, according to a short blog post published by a researcher from antivirus provider F-Secure...
Researchers: Serious flaw in Java Runtime Environment for desktops, servers
Java vulnerability hunters from Polish security research firm Security Explorations claim to have found a new vulnerability that affects the latest desktop and server versions of the Java Runtime Environment (JRE).
The vulnerability is located in Java’s Reflection API component and can be used to completely bypass the Java security sandbox and execute arbitrary code on computers, Adam Gowdiak, the CEO of Security Explorations, said Monday in an email sent to the Full Disclosure mailing list. The flaw affects all versions of Java 7, including Java 7 Update 21 that was released by Oracle last Tuesday and the new Server JRE package released at the same time, he said...