
844 matches found

RedHat Linux
added 2013/02/08 7:20 p.m. | 1 views

OpenJDK: RequiredModelMBean missing access control context checks (JMX, 8000537)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. NOTE: the...

10 CVSS | 7.4 AI score | 0.01037 EPSS
Exploits 1 | References 5
securityvulns
added 2013/01/14 12:0 a.m. | 55 views

[SE-2012-01] 'Fix' for Issue 32 exploited by new Java 0-day code

Hello All, We were notified today of ongoing attacks with the use of a new Java vulnerability affecting latest version 7 Update 10 of the software 12. Due to the unpatched status of Issue 50 3 and some inquiries received regarding whether the attack code found exploited this bug, we had a quick...

7.2 AI score
Exploits 0
ThreatPost
added 2013/01/11 8:18 p.m. | 7 views

Incomplete Java Patch Paved Way for Latest Zero Day Mess

The exploit targeting the latest zero-day vulnerability in the Java platform is dropping ransomware, and has been found in another exploit kit. Security experts, including U.S.-CERT last night, advise users and IT managers to disable Java on endpoints and browsers. Meanwhile, Polish security...

7.1 AI score
Exploits 0 | References 8
NVD
added 2013/01/11 12:55 a.m. | 17 views

CVE-2012-4820

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

9.3 CVSS | 4.6 AI score | 0.08461 EPSS
Exploits 0 | References 25
CVE
added 2013/01/11 12:0 a.m. | 127 views

CVE-2012-4820

CVE-2012-4820 affects IBM Java Runtime used in IBM WebSphere Real Time and other IBM products. The issue arises when code runs under a security manager, allowing remote attackers to escalate privileges by abusing insecure use of java.lang.reflect.Method invoke(). Affected IBM JREs include release...

9.3 CVSS | 4.5 AI score | 0.08461 EPSS
Exploits 0 | References 25 | Affected Software 16
The Hacker News
added 2012/12/05 2:48 p.m. | 34 views

New Mac Malware 'Dockster' Found on Dalai Lama site

A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website gyalwarinpoche.com dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal...

10 CVSS | 7.5 AI score | 0.9358 EPSS
Exploits 13
The Hacker News
added 2012/12/05 3:48 a.m. | 60 views

New Mac Malware 'Dockster' Found on Dalai Lama site

A new trojan horse app called Dockster is targeting Mac users by exploiting a known Java vulnerability CVE-2012-0507. The trojan is apparently being delivered through a website gyalwarinpoche.com dedicated to the Dalai Lama and once installed can collect user keystrokes and other personal...

10 CVSS | 1.1 AI score | 0.9358 EPSS
Exploits 13
ThreatPost
added 2012/12/03 9:0 p.m. | 294 views

Dockster Mac Malware Targets Dalai Lama Website Through Flashback Vulnerability

Mac malware targeting Tibetan supporters is being served on a website connected to the Dalai Lama. The Dockster Trojan, discovered by researchers at F-Secure, exploits the same Java vulnerability as the virulent Flashback Trojan that hit more than 600,000 OS X users earlier this year. F-Secure...

10 CVSS | 10 AI score | 0.9414 EPSS
Exploits 23 | References 10
ThreatPost
added 2012/11/26 7:3 p.m. | 10 views

Chrome Zero-Day Presentation Gives Way to Mandatory Military Service

The saga of the latest zero-day vulnerability and exploit for the Google Chrome browser took another mysterious turn over the weekend. The 19-year-old Georgian security researcher who found the vulnerability in the browser was called up for compulsory military duty in his country and was unable t...

0.1 AI score
Exploits 0 | References 4
RedHat Linux
added 2012/11/22 6:9 p.m. | 2 views

JDK: unspecified vulnerability (2D)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.238 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via...

10 CVSS | 5.8 AI score | 0.12226 EPSS
Exploits 0 | References 5
The Hacker News
added 2012/11/10 6:57 p.m. | 31 views

Latest Java vulnerability exploitation leads to ransomware

Imagine someone getting access to your computer, encrypting all your family photos and other priceless files, and then demanding a ransom for their safe return. That is what ransomware is all about. Symantec's latest research report suggests police-themed ransomware could be a replacement to the...

10 CVSS | 6.2 AI score | 0.91441 EPSS
Exploits 18
securityvulns
added 2012/10/30 12:0 a.m. | 119 views

[security bulletin] HPSBUX02825 SSRT100974 rev.1 - HP-UX Running Java, Remote Indirect Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03538957 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03538957 Version: 1 HPSBUX02825...

0.5 AI score | 0.08542 EPSS
Exploits 9
ThreatPost
added 2012/10/22 8:45 p.m. | 9 views

Researcher Develops Patch for Java Zero-Day, Puts Pressure on Oracle to Deliver its Fix

A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the...

0.2 AI score
Exploits 0 | References 5
RedHat Linux
added 2012/10/17 4:4 p.m. | 1 views

OpenJDK: Executors state handling issues (Concurrency, 7189103)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency...

5.8 CVSS | 7.4 AI score | 0.03119 EPSS
Exploits 0 | References 5
NVD
added 2012/10/16 9:55 p.m. | 17 views

CVE-2012-5089

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than...

7.6 CVSS | 5.3 AI score | 0.10927 EPSS
Exploits 0 | References 36
The Hacker News
added 2012/09/25 8:44 p.m. | 9 views

Billions of Windows Users Affects with Java Vulnerability

Researchers at Security Explorations disclosed a new vulnerability in Java that could provide an attacker with control of a victim's computer. The researchers have confirmed that Java SE 5 – Update 22, Java SE 6 – Update 35, and Java SE 7 Update 7 running on fully patched Windows 7 32-bit operati...

7.1 AI score
Exploits 0
The Hacker News
added 2012/09/04 7:35 p.m. | 11 views

#Antisec Hackers hack FBI laptop and leak 12 Million Apple Device Records

The hacker group AntiSec released a file of a million and one UDIDs unique device identifiers which it claims to have hacked it off an FBI computer via a Java vulnerability. UDIDs are unique IDs for iPhone, iPad and iPod Touch devices. They said they obtained the file in March by hacking into the...

6.5 AI score
Exploits 0
The Hacker News
added 2012/08/31 11:51 p.m. | 11 views

security researchers found yet another vulnerability in JAVA after update

Oracle released an emergency patch on Thursday for previously unknown Java vulnerabilities that cybercriminals had targeted with popular exploit kits within hours after the bugs' existence became public, security researchers found yet another vulnerability that can be exploited to run arbitrary...

7.7 AI score
Exploits 0
ThreatPost
added 2012/08/28 2:20 p.m. | 14 views

Detecting and Removing Vulnerable Java Versions

As attacks on the new Java zero-day vulnerability continue and researchers look for ways to mitigate the flaw, they are encouraging users to disable Java in their browsers. There is now a site that users can visit that will detect whether their browser is running a vulnerable version of Java...

0.4 AI score
Exploits 0 | References 3
ThreatPost
added 2012/08/27 9:52 p.m. | 8 views

Details of New Java Exploit Emerge

More details about the new Java zero day vulnerability are emerging, and as the seriousness of the problem has become clear, researchers have recommended that users disable Java altogether for the time being if they don’t have a specific need for it. The vulnerability in Java first emerged late...

0.8 AI score
Exploits 0 | References 6