Announcement

Collapse
No announcement yet.

US-CERT Advises Enterprises to Disable Java

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • US-CERT Advises Enterprises to Disable Java

    By: Dan Verton
    08/29/2012 ( 8:59am)

    The US-CERT warning came one day after researchers at FireEye Inc. in Milpitas, Calif., discovered an active exploit for the vulnerability in the wild. According to Atif Mushtaq, a malware researcher at FireEye, all versions of Java 7 are vulnerable to the new exploit, which is hosted on a domain that resolves to an Internet Protocol (IP) address based in China.
    ...
    the attack is hosted on a malicious Website that installs a Java applet capable of escalating security privileges. Attackers can then use this access to execute arbitrary code on the vulnerable computer. The advisory states that there is currently no known ?practical solution to the problem?
    ...
    ?It's just a matter of time that a POC [proof of concept exploit] will be released and other bad guys will get hold of this exploit as well,? said Mushtaq in a blog posting. ?It will be interesting to see when Oracle plans for a patch, until then most of the Java users are at the mercy of this exploit.?
    ...

    Read the full article here:
    The salvage of human life ought to be placed above barter and exchange ~ Louis Harris, 1918
Working...
X