Posts Tagged ‘java-vulnerabilities’

The most commonly used version is Java 6 Update 20, which contains 96 vulnerabilities of the highest level of danger.

The company Bit9 has conducted a study, the results of which indicate that Java carries a significant risk to enterprise security, as this software is often the ultimate target of cybercriminals.

In the study, experts analyzed the use of Java on one million machines in hundreds of companies around the world and found that older versions of Java contain vulnerabilities that pose a threat.

Main results of the research:

– In 5% of those analyzed, more than 100 versions of Java were installed on computers;
– Multiple versions of Java are present on their computers because old versions are not always removed when new ones are installed;

Oracle has acknowledged the recent security problems that have arisen with Java and plans to implement several new features, at least three, to address such incidents.

According to the corporation, the quarterly Oracle Critical Patch Update will be released in October 2013. This patch usually includes fixes for all products at the same time, which will not solve the problem of so-called “zero-day” vulnerabilities. However, some modifications to code fragments will most likely help to quickly eliminate other potential vulnerabilities in Java for portable workstations and servers.

Oracle has released Java SE 7 Update 21: elimination of 45 vulnerabilities and support for ARM

Oracle (Oracle Corporation) has unveiled the planned corrective release Java SE 7 Update 21, which fixes 42 security problems and introduces a set of improvements to increase security. In addition, despite the decision to end public updates for Java SE 6, because this branch is still actively used, Java SE 6 Update 45 has been published, eliminating 25 vulnerabilities.

19 vulnerabilities were assigned the highest level of risk (CVSS score 10.0), implying the possibility of escaping the isolated virtual machine environment and executing code on the system when processing specially crafted content. All of the vulnerabilities are present in the JRE.

Due to the high level of risk and the discussion in the IT industry, Oracle released a few hours ago a fix for Java 7, in which a serious vulnerability had previously been found, allowing malicious files on your computer.

Recall that the company intends to release its quarterly patch set tomorrow, which will eliminate 86 vulnerabilities, but the Java vulnerability in question was particularly well publicized and malware based on it has appeared, which forced Oracle to release a fix as soon as possible.

Since Friday, the vulnerability, CVE-2013-0422, has been included in a couple of the most popular vulnerability testing systems, and sites that use this vulnerability have already appeared on the Internet.

At the same time as the release of Oracle Java 7 Update 11, a blog entry by Eric Morris appeared, saying that Oracle urges users to install the updated version as soon as possible. He also noted that there are at least a couple of different Java applets on the network that make use of compromised websites.

Kaspersky Lab

main types of vulnerable applications

Kaspersky Lab has identified five main types of vulnerable applications that exploits target. According to its study of virus activity in the third quarter of 2012, more than 50% of the attacks used loopholes in Java. Updates of this software are installed at the user’s request, not automatically, which increases the lifetime of a vulnerability. Java exploits are fairly easy to use under any version of Windows, and with some work by attackers, as was the case with Flashfake, an exploit can be made cross-platform. This explains cybercriminals’ special interest in Java vulnerabilities.

In second place are attacks through Adobe Reader, which accounted for a quarter of all repelled attacks. The popularity of exploits for this application is gradually decreasing, due to the rather simple mechanism for detecting them and the automatic updates introduced in the latest version. About 3% of the attacks were exploits for the vulnerability in Windows Help and Support Center, as well as for various vulnerabilities in the Internet Explorer browser.

Errors in Flash Player are also subject to scrutiny by intruders. According to the Kaspersky Security Network system, in the third quarter of 2012 the ten most common vulnerabilities included two “representatives” of Adobe Flash. Rounding out the top five are exploits for devices running Android OS. Their main goal is to perform an imperceptible “jailbreak” and give any program, including malware, full access to the memory and features of the phone or tablet.