Billions of Computers Compromised in Zero Day Java Exploit
Tread carefully on the Internet, surf ninja. That's always sound advice, but it's especially important now to be extra cautious, particularly if you use Java. Researchers at Security Explorations discovered a zero-day exploit in multiple versions of Java that could affect over a billion PCs around the globe.
Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine.
Security Explorations said it conducted successful tests of the exploit on Java SE 5 Update 22, Java SE 6 Update 35, and Java SE 7 Update 7, all using a fully patched install of Windows 7 32-bit and on nearly half a dozen web browsers, including Firefox 15.0.1, Google Chrome 21.0.1180.89, Internet Explorer 9.0.8112.16421 (update 9.0.10), Opera 12.02 (build 1578), and Safari 5.1.7 (3534.57.2).
"We hope that a news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison's morning...Java," quipped Adam Gowdiak, CEO of Security Explorations.
Zing!
Technical details of the exploit are still being withheld, but what we do know is that it affects Java Standard Edition (SE) versions 5, 6, and 7. It's an especially nasty bug that would allow an attacker to worm his way out of the confines of a sandbox, where normally users' main systems are safe from what takes place inside the Virtual Machine.
Security Explorations said it conducted successful tests of the exploit on Java SE 5 Update 22, Java SE 6 Update 35, and Java SE 7 Update 7, all using a fully patched install of Windows 7 32-bit and on nearly half a dozen web browsers, including Firefox 15.0.1, Google Chrome 21.0.1180.89, Internet Explorer 9.0.8112.16421 (update 9.0.10), Opera 12.02 (build 1578), and Safari 5.1.7 (3534.57.2).
"We hope that a news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison's morning...Java," quipped Adam Gowdiak, CEO of Security Explorations.
Zing!
