Showing results for tags 'java'.
Java now requires explicit permission to run in the latest version of Firefox, thanks to a patch that rolled out late last week. Developers at Mozilla, the not-for-profit behind Firefox, are hoping that it will help protect end users from the notoriously unsafe browser plugin – but many have complained that the move has disrupted their businesses (and even the entire nation of Denmark). Since January, the browser has already blocked out-of-date (and vulnerable) versions of Java. However, in the wake of a particularly nasty SSL-decrypting exploit, Firefox devs made the decision to prevent any version of Java from auto-running.

A previously unknown and currently unpatched security hole in the latest version of the Java software framework is under attack online, according to security researchers and bloggers. Attack code that exploits a vulnerability in Java's browser plugin has been added to the Blackhole, Cool, Nuclear Pack, and Redkit exploit kits, according to the Malware Don't Need Coffee blog, prompting its author to say that the bug is being "massively exploited in the wild." Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors. KrebsOnSecurity reporter Brian Krebs said the curators of both Blackhole and Nuclear Pack have taken to the underweb to boast of the addition to their wares. It's not yet clear how many websites have been outfitted with the exploits. According to researchers at Alienvault Labs, the exploits work against fully patched installations of Java. Attack files are highly obfuscated and are most likely succeeding by bypassing security checks built into the program. KrebsOnSecurity said the malware authors say the exploits work against all versions of Java 7. Analysis from antivirus provider Kaspersky Lab indicates the exploits are already deployed on a variety of websites.