New Java exploit sells for $5000 on black web; possible threat to millions of PCs

Another previously unpublicized flaw in Java threatens the security of millions of PCs that may still have the application running on it.

By John P. Mello Jr., PC World |  Security, java, Java exploit

In addition to addressing the Zero Day vulnerability in Sunday's patch, Oracle also boosted Java's security setting to "high" by default. "That means that right now the user has to authorize the execution of Java applets that are not signed with a valid certificate," explained Jaimie Blasco, manager of AlienVault Labs, in an email.

While that move is a great step toward making Java more secure on a browser, Blasco noted, it is far from a panacea for Java's problems.

"In the past, we have seen that the attackers were able to steal a valid certificate to sign malicious code so it won't surprise me if we see this technique being used," he said.

Because Java appears to be riddled with vulnerabilities, Bitdefender's Botezatu recommends Oracle identify the core components of the software and rewrite it from scratch.

No doubt, more than a little rewriting of the software will be done when Oracle releases the next version of Java scheduled for September.


Originally published on PC World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question