CVE-2013-5782
CVE-2013-5782 is one of multiple Oracle Java/IBM SDK vulnerabilities disclosed in October 2013 CPU updates. The IBM bulletins enumerate affected IBM SDK/JAVA components (IBM SDK Java Technology Edition versions 5, 6, 7 and associated WebSphere products) and describe the root issue as an unspecifi...
New Mac OS Malware exploited two known Java vulnerabilities
A new Mac OS malware called OSX/Leverage.A has been discovered, which appears to be yet another targeted command-and-control Trojan horse that creates a backdoor on an affected user's machine. The Trojan is named 'Leverage' because the Trojan horse is distributed as an application disguised as a...
Shylock/Caphaw Banking Malware Infections on the Rise
Two dozen major U.S. and European banks are in the crosshairs of the Shylock, or Caphaw, financial malware of late, and victims who trade with one of the 24 financial institutions are at risk of giving up their credentials and losing assets in their accounts. Malware researchers have noticed a ri...
Bit9 report finds a large number of "critical" Java vulnerabilities
Bit9 recently conducted in-depth research into Java and its vulnerabilities, and found that nearly half of enterprises have two or more versions of Java installed. Java is very common in enterprise environments, and enterprises usually do not delete old versions, which increases...
Many Flash, Java Users Running Older, Vulnerable Versions
It’s long been known that Java and Flash are favored targets of attackers, thanks to their huge install bases and numerous security issues. And the users who are targeted by these attacks aren’t doing themselves any favors either, as new research shows that 19 percent of business users are runnin...
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2012-43)
It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497) It...
Counter.php Redirecting to Sites Peddling Styx Exploit Kit
The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit. According to a post on Securelist today, Vincente Diaz, a researcher with...
MGASA-2013-0208 Updated java-1.6.0-openjdk packages fix security vulnerabilities
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...
Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2012-0730)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0730 advisory. 1.6.0.0-1.27.1.10.8.0.1.el58 - Add oracle-enterprise.patch 1:1.6.0.0-1.27.1.10.8 - Modified patch3, java-1.6.0-openjdk-java-access-bridge-security.patc...
MGASA-2013-0185 Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption CVE-2013-2470, CVE-2013-2471, CVE-2013-2472...
RedHat Update for java-1.7.0-openjdk RHSA-2013:0958-01
Check for the Version of java-1.7.0-openjdk OpenVAS Vulnerability Test RedHat Update for java-1.7.0-openjdk RHSA-2013:0958-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
CentOS 5 : java-1.7.0-openjdk (CESA-2013:0958)
Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
65 Sites Compromised in ZeroAccess Trojan Attacks
As many as 65 websites have been compromised in an attack that has snared another Washington, D.C.-area media website as well as a number of travel and leisure sites. While the sites aren’t topically related, they’re all hosting advertisements injected with malicious code hosted on...
RHEL 5 : java-1.4.2-ibm (RHSA-2012:0702)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0702 advisory. - OpenJDK: JavaSound incorrect bounds check Sound, 7088367 CVE-2011-3563 - Oracle JDK: unspecified vulnerability fixed in 6u31 and 7u3 2D...
It's Time to Abandon Java
As humans, we have a difficult time letting go of things. Whether it be a favorite pair of jeans, a beloved dog or an old friend who you know is just bringing you down, putting aside things we know well is hard to do. But sometimes things are just too broken to be useful any longer, and that’s th...
Oracle Java Runtime Environment CVE-2013-0422 Multiple Remote Code Execution Vulnerabilities
Description Oracle Java Runtime Environment is prone to multiple remote code execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application. Versions prior to Oracle JRE 1.7.0 Update 11 are vulnerable. Technologies Affected CentOS CentO...
JDK: getDeclaredMethods() and setAccessible() code execution
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics...
OpenJDK: Executors state handling issues (Concurrency, 7189103)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency...
Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In
Is the Java browser plug-in the IT equivalent of the human appendix? Would you miss it if it were gone? Probably not, experts say, especially now that attackers are beating the Java sandbox with a rash of zero-day exploits. “It’s simply safer to have the Java plug-in disabled in the browser knowi...