Java, Java and once again Java, the popular framework and its vulnerabilities are becoming a really nightmare for security experts, billion of users and their machines are exposed to a series of attacks that try to exploit flaws in the Oracle software.
Security worldwide community attributes to the Java vulnerabilities the principal responsibilities for recent attacks against IT giants such as Microsoft, Facebook and Apple, but just while all discussing about the repercussion for the presence of 0-days vulnerabilities in the popular software a Polish security firm Security Explorations reported two new Java zero-day vulnerabilities, dubbed “issue 54” and “issue 55,”. Immediately the experts of Security Explorations have provided to Oracle proof of concept on what could be a new disaster for Java under security perspective.
Oracle’s security team has immediately started the necessary verifications, but there are many concerns related the possible presence of security flaws that could allow attackers to bypass Java’s security sandbox compromising target machine making possible the download of malicious code.
Recent incidents have demonstrated that hackers simply compromising a legitimate website with malicious code could exploit Java vulnerabilities in victim’s browser and infect the host.
Softpedia posted an article that reports declaration of Security Explorations CEO Adam Gowdiak:
“Both new issues are specific to Java SE 7 only. They allow to abuse the Reflection API in a particularly interesting way… Without going into further details, everything indicates that the ball is in Oracle’s court. Again.”
If the vulnerabilities will be confirmed Oracle will have to release a new patch as soon as possible to avoid further serious incidents, meantime it is strongly suggested to users to disable Java plugin for their browsers if it is not strictly necessary.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.