There was something a poor start to the year for Oracle and it does not seem likely that it going to be getting better any time soon. FireEye security cabinet has discovered yet another zero-day exploit affecting Java Oracle software in a long list of flaws that have been discovered.
FireEye Researchers say that the vulnerability has already been used to attack several customers "and can be operated in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed - last supposedly patched versions of the plugin. FireEye warns that this new flaw is used to install a Trojan remote access McRat called and said it is another feat to that which caused major security holes on Facebook, Twitter and Apple recently. McRat is a Trojan Windows and therefore, although it is unclear so far if the defect affects only Windows or computers that run on Linux and Mac OS X are also susceptible, attacks "in the wild" are specifically focus on Windows users.
last updated Java was applied February 19 and despite being an outlet provided that only 5 targeted security holes, he followed an emergency update that patched 50 vulnerabilities. The bad news for everyone who has applied these updates hoping that their worries disappear is that security researchers from Kaspersky Lab last week claimed that the exploit worked in the latest update of Java ( update 15), but seem to fail in older - such as update 10. the only positive news is that FireEye can offer is that the exploit does not seem to be very reliable as it tries to crush large chunks of memory and eventually causes a virtual accident JVM often.
If you are reading this now on a Java-enabled browser, the current advice is to uninstall or disable Java or set your security settings to "High" when you need to use it. If you are concerned about online security more generally, then invest in a VPN service will give you an extra level of protection. If your VPN is enabled while you browse the Internet, your system is less likely to be exploited by hackers.
0 Komentar