More Java security woes reported

Oracle’s Java software apparently still isn’t fixed, despite numerous warnings about its vulnerabilities and several major patches the Redwood City corporation has issued in response.

On Monday, Security Explorations — the Polish firm that has discovered many of the flaws — reported finding five more vulnerabilities in the widely used Java.

That followed Thursday’s revelation by security firm FireEye that cyber villains are continuing to use Java’s weaknesses to launch “zero-day” attacks, which exploit previously unknown vulnerabilities.

We detected a brand new Java zero-day vulnerability that was used to attack multiple customers,” FireEye reported. “Specifically, we observed successful exploitation against browsers.”


Steve Johnson Steve Johnson (298 Posts)

Steve Johnson covers the microchip industry, cyber security and the big-technology sector that includes Hewlett-Packard, Oracle and Cisco Systems.