Posts Tagged ‘Java vulnerability’

Serious vulnerability found in the Linux kernel's x32 ABI implementation

A critical vulnerability (CVE-2014-0038) has been detected in the Linux kernel.

The vulnerability allows local users to elevate their privileges in the system and execute code with kernel privileges. The problem occurs only when the kernel is compiled with support for the x32 ABI, which allows the 32-bit memory addressing model to be used on 64-bit systems. The vulnerability affects only 64-bit builds of the Linux kernel since release 3.4 that are compiled with the CONFIG_X86_X32 option (not to be confused with CONFIG_X86_32; the problem does not affect configurations in which 32-bit applications run on a 64-bit kernel, or 32-bit kernel builds without x32 ABI support). (more…)

Hackers can use program commands to gain access to databases. This process is known as SQL injection. While information regarding these vulnerabilities is not new, there may be types of SQL injection you are not aware exist. Four SQL injection vulnerabilities you most likely are not aware of include: default database names, .NET, Boolean-based injection and dynamic database queries.

Default Database

WordPress helps to make creating blogs and websites easy for those who are not programming experts. However, these sites are not impenetrable to SQL injections or other vulnerabilities. One problem that can leave website owners open to an SQL attack is WordPress’ tendency to create (more…)

According to experts, the discovered vulnerability allows an attacker to bypass the Java sandbox.

Representatives of the Polish company Security Explorations announced the discovery of a new vulnerability in Java 7, which allows an attacker to bypass the software's sandbox and execute arbitrary code on the system.

To confirm the presence of the flaw, Adam Gowdiak, CEO and founder of Security Explorations, sent a vulnerability notice with PoC code to Oracle. According to the researcher, the vulnerability is present in the Reflection API functions in Java 7. Security Explorations confirmed that the PoC exploit code works for Java SE 7 Update 25 and earlier versions. (more…)

According to security vendor Websense, most browsers with the Java plugin installed are vulnerable to at least one exploit kit used in a number of web-based attacks.

Websense says it used its own analytics network, which tracks billions of Web requests from several million end-user computers. The network is able to detect the version of Java installed on a system and the browser it works with.

According to the latest telemetry, only 5.5% of users have the latest version of Java and the latest version of the browser on their system (Java 7 Update 17 or Java 6 Update 41), but even for these versions of Java, exploit kits are already being sold online that allow the use of holes that remain open in the software. (more…)

The latest stable version of Java exposes users to a new attack, independent experts say.

According to them, the attack works even if the user uses the maximum security settings and the software is fully updated. Recall that two zero-day vulnerabilities were eliminated in Java last month, but according to experts Java still has security problems.

Experts are now talking about a vulnerability in Java 7 Update 10, released in December 2012. According to the Polish IT company Security Explorations, this version of the environment, even at the maximum security settings, allows malicious Java applets that are hazardous to your computer to run. These are applets that do not have a digital certificate but, from the runtime's point of view, look like a legitimate application.

Oracle previously eliminated a number of security problems associated with running unsigned Java applications, and in most cases the real security problem was avoided when Java was set to a high security level; now the problems occur in any case. (more…)

Due to the high level of risk and the discussion in the IT industry, Oracle released a few hours ago a fix for Java 7, in which a serious vulnerability had previously been found that allows malicious files onto your computer.

Recall that the company intends to release its quarterly patch set tomorrow, which will eliminate 86 vulnerabilities, but the Java vulnerability in question was particularly well publicized and malware based on it has appeared, which forced Oracle to release a fix sooner.

The vulnerability, CVE-2013-0422, has since Friday been included in a couple of the most popular vulnerability testing systems, and sites using this vulnerability have already appeared on the Internet.

At the same time as the release of Oracle Java 7 Update 11, a blog post by Eric Morris appeared, in which he said that Oracle urges users to install the updated version as soon as possible. He also noted that there are at least a couple of different Java applets on the network that make use of compromised Web sites. (more…)

Apple has released a new patch for Java. The patch will be available to users of OS X 2012-005, Mac OS X 10.6, and OS X Lion and Mountain Lion. It is known that this patch closes the vulnerability CVE-2012-0547. However, according to experts, it does not close the vulnerability CVE-2012-4681, which has recently been the one most often used by malicious hackers.

Oracle released a patch for CVE-2012-4681 last week. However, the specialists at Security Explorations, who first discovered the vulnerability, warn that the patch itself contains a vulnerability. At this point, they refuse to disclose any details. Most experts, as before, are urging Internet users to disable Java at least in the browser they use as their main one, as most sites do not require Java to be enabled to work properly. For sites that do require Java, experts recommend the use of alternative browsers. (more…)

Flashback is an example of malicious software that allows cyber criminals to steal passwords and other sensitive information from the infected computer. The system can be compromised when visiting malicious Web sites. This Trojan was the first large-scale real threat faced by Mac owners. Despite the fact that the application exploits a vulnerability in Java, and not in OS X, 98% of its victims were Mac systems.

If you go to an infected site that is hosting Flashback, the program will attempt to show you a specially crafted Java applet. If you have a vulnerable version of Java and it is enabled in your browser, the malicious code will infect your system and install a specific set of components. Since Apple released the first update for this vulnerability only on 3 April and issued a second update on 6 April, a large number of Macs are still at risk of infection at the moment. (more…)

eScan – how to protect a PC against hacker attacks via unpatched Oracle Java vulnerabilities

Recall that on August 27, 2012, researchers at FireEye reported on the company blog about dangerous flaws in the Java Runtime Environment (JRE) 1.7, the Java runtime.

The vulnerability, which applies to the Microsoft Windows, Mac OS X and Linux platforms, was given the name CVE-2012-4681. CVE-2012-4681 is widely used by hackers: within a few hours, updates to the most popular exploit kits, including an exploit for CVE-2012-4681, arrived in the hackers' arsenal. (more…)

Security Explorations: security vulnerability discovered in a Java 7 update

IT security specialists at the Polish company Security Explorations reported finding security vulnerabilities in a Java 7 update released less than a day ago.

The company says that the issue can be exploited to bypass the Java “sandbox” and execute potentially malicious code on the target system. Security Explorations says it has already passed data on the vulnerabilities to Oracle, along with a proof-of-concept exploit that breaks Java for testing purposes.

Adam Gowdiak, Director General of Security Explorations, said that for now his company is not publishing the technical details of the vulnerability, in order to give Oracle some time to fix the problem. (more…)