More Java security woes reported

Oracle’s Java software apparently still isn’t fixed, despite numerous warnings about its vulnerabilities and several major patches the Redwood City corporation has issued in response.

On Monday, Security Explorations — the Polish firm that has discovered many of the flaws — reported finding five more vulnerabilities in the widely used Java.

That followed Thursday’s revelation by security firm FireEye that cyber villains are continuing to use Java’s weaknesses to launch “zero-day” attacks, which exploit previously unknown vulnerabilities.

We detected a brand new Java zero-day vulnerability that was used to attack multiple customers,” FireEye reported. “Specifically, we observed successful exploitation against browsers.”



Share this Post