Researchers Find 0-Day Vulnerabilities in Java 7 Update 15

The Dangers of Java 7Security Exploration researchers have discovered a new set of 0-day vulnerabilities affecting Java 7 Update 15 and earlier.

An update posted on the Security Explorations website states that the company has notified Oracle of the vulnerabilities (referred to as issues 54 and 55), including proof-of-concept code for the company to review. Oracle confirmed successfully receiving the report and is now investigating the matter.

Hopefully Oracle will move to patch the bugs quickly since they can be used to completely bypass the Java security sandbox.

Adam Gowdiak, CEO of Security Explorations told Softpedia, “Both new issues are specific to Java SE 7 only. They allow abuse [of] the Reflection API in a particularly interesting way. Without going into further details, everything indicates that the ball is in Oracle’s court. Again. “

Considering that cybercriminals recently used Java vulnerabilities in the watering hole attack that resulted in malware being installed on computers belonging to Facebook, Apple, Microsoft, and other companies, it may be wise for users to consider:

It’s better to be safe than sorry.

Do you still have Java installed on your system?

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

This entry was posted in Computer Security, phishing and tagged , , , .
Follow any comments here with the RSS feed for this post. Trackbacks are closed, but you can post a comment.

© 2014 Hyphenet, Inc.
1761 Hotel Circle S, Suite 350, San Diego, CA 92108

All rights reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited.

Hyphenet IT Security Blog located at 1761 Hotel Circle South, Suite 350 , San Diego, CA . Reviewed by 91 customers rated: 3.8 / 5