As a result, some companies issued their own private patches to this vulnerability in the days that followed its initial finding, but Oracle has stepped up and broken its regular release schedule to offer a patched version of the Java 7 runtime. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet.Įven though the attacks using this vulnerability so far have been Windows-based, the exploit was demonstrated on other platforms supported by Java 7, including OS X systems where the exploit was successfully run in the latest Safari and Firefox browsers in Mountain Lion.įollowing the news of this exploit and the potential for it to do harm, concern arose regarding Oracle's release schedule for Java updates which are usually released quarterly and would mean users would have to wait until October to see a patch to this flaw. In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem.
0 Comments
Leave a Reply. |