BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Posts Tagged ‘java’

Recently Patched Java Vulnerability Exploited In the Wild: How (Not) Surprising

Posted April 23, 2013    BeyondTrust Research Team

A type confusion vulnerability, recently patched in Java 7u21 and Java 6u45, has been spotted in the wild. According to a recent blog post from F-Secure, exploitation of CVE-2013-2423 started shortly after April 21st, 2013 and continues. Given what we know about Java, none of this is surprising. “Why?!” you may ask, “didn’t we all…

Java: Sizeable Critical Patch Update and Two Sugars, Please

Posted April 15, 2013    BeyondTrust Research Team

Oracle is rolling out yet another Critical Patch Update (CPU) for Java – and this time they’ve fixed 39 remotely exploitable vulnerabilities. This is not to say that all of these vulnerabilities may provide an attacker with remote code execution. However, the highest CVSS Base Score of all the vulnerabilities was a 10.0, meaning that…

Java/IE 0days Put to Bed

Posted January 14, 2013    BeyondTrust Research Team

Over the past two days, two actively exploited 0day vulnerabilities got patched. Yesterday, Oracle addressed the 0day in Java, CVE-2013-0422, with a new update, Java 7u11. Today, Microsoft addressed the 0day in Internet Explorer 6-9, CVE-2012-4792, with MS13-008. In addition to fixing the 0day vulnerability, the Java update changes the default security level setting from…

Java Zero Day Exploit – Java 7 Not the Answer

Posted January 10, 2013    BeyondTrust Research Team

A new Java zero-day vulnerability has been seen exploiting hundreds of thousands of machines. This 0day has already been incorporated into Cool Exploit Kit and Blackhole, in addition to Nuclear Pack and Redkit. This vulnerability affects Java 7 versions up to and including the current version of Java, 7u10. It should be noted that while…

JRE 6 automatic upgrade to JRE 7, coming soon

Posted December 19, 2012    BeyondTrust Research Team

Starting this month, Oracle will be automatically replacing Java Runtime Environment (JRE) 6 installations with JRE 7 installations on a small number of users’ systems (the users are randomly chosen). This will be done to ensure that the automatic upgrading mechanism is working properly. In February 2013, the last public version of JRE 6 (Java…

4 Tips to Identify, Patch & Report on the Oracle Java Vulnerability

Posted September 7, 2012    Jerome Diggs

Last week our security research team provided some very enlightening information on a nasty Oracle Java vulnerability that until recently was a zero-day. Oracle provided a patch for the vulnerability found in advisory (CVE-2012-4681) and, as a follow-up to the blog post by our security research team, we wanted to share with you some easy…

Java Pwns Everyone…Again.

Posted August 30, 2012    BeyondTrust Research Team

Java has a nasty habit of getting you owned. This latest 0day is no exception to the long-lived trend of reliable Java-based exploitation. Here’s what you need to know: The current exploitation method being employed in the wild right now leverages two zero day flaws in Java. The first flaw leverages an implementation issue (logic bug) within ClassFinder.findClass(), which is only present in Java 7.

Chrome continues its march to security domination. We nod knowingly.

Posted May 22, 2012    The eEye Research Team

As security researchers, we’re always looking for ways to put the security conversation in the spotlight; be it an interesting fact, figure or editorial. By now you’ve probably read about how Google Chrome has achieved the number one browser position, worldwide (according to StatCounter). Coming in at about 32.76% of the global browser market share,…
