U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Security

New Zero-Day Vulnerabilities affect Java earlier versions

Java, Java and once again Java, the popular framework and its vulnerabilities are becoming a really nightmare for security experts, billion of users and their machines are exposed to a series of attacks that try to exploit flaws in the Oracle software. Security worldwide community attributes to the Java vulnerabilities the principal responsibilities for recent […]

New Zero-Day Vulnerabilities affect Java earlier versions

Java, Java and once again Java, the popular framework and its vulnerabilities are becoming a really nightmare for security experts, billion of users and their machines are exposed to a series of attacks that try to exploit flaws in the Oracle software.

Security worldwide community attributes to the Java vulnerabilities the principal responsibilities for recent attacks against IT giants such as Microsoft, Facebook and Apple, but just while all discussing about the repercussion for the presence of 0-days vulnerabilities in the popular software a Polish security firm Security Explorations reported two new Java zero-day vulnerabilities, dubbed “issue 54” and “issue 55,”. Immediately the experts of Security Explorations have provided to Oracle proof of concept on what could be a new disaster for Java under security perspective.

Oracle’s security team has immediately started the necessary verifications, but there are many concerns related the possible presence of security flaws that could allow attackers to bypass Java’s security sandbox compromising target machine making possible the download of malicious code.

Recent incidents have demonstrated that hackers simply compromising a legitimate website with malicious code could exploit Java vulnerabilities in victim’s browser and infect the host.

Softpedia posted an article that reports declaration of Security Explorations CEO Adam Gowdiak:

“Both new issues are specific to Java SE 7 only. They allow to abuse the Reflection API in a particularly interesting way… Without going into further details, everything indicates that the ball is in Oracle’s court. Again.”

If the vulnerabilities will be confirmed Oracle will have to release a new patch as soon as possible to avoid further serious incidents, meantime it is strongly suggested to users to disable Java plugin for their browsers if it is not strictly necessary.

Pierluigi Paganini