Java 7 – Dangerous Security Hole Found (Updated)

Java_Logo

Update January 14, 2013

Oracle has released a patch (Java 7 Update 11) to close this security hole.

Instructions on how to download the patch here.


January 11, 2013

US-CERT has released a security advisory warning users about a dangerous Java 7 (and previous version) security hole that would allow an attacker to compromise a computer from an infected website. A user would browse to an infected website and the attack would automatically run in the background using the security hole in Java to install malware and Trojan viruses.

At this time there is no patch to close this security hole.

US-CERT recommends either uninstalling Java from your computer or disable Java in the web browser.

From Sophos.Com: Instructions on how to disable Java from your web browser.

More Information and Related Links:

KrebsOnSecurity:http://krebsonsecurity.com/2013/01/zero-day-java-exploit-debuts-in-crimeware

ThreatPost: http://threatpost.com/en_us/blogs/nasty-new-java-zero-day-found-exploit-kits-already-have-it-011013

TheRegister: http://www.theregister.co.uk/2013/01/10/java_0day/

FireEye: http://blog.fireeye.com/research/2013/01/happy-new-year-from-new-java-zero-day.html

This entry was posted in Java, Malware, Anti-Virus, Phishing, Scams, Safe Computing. Bookmark the permalink. Both comments and trackbacks are currently closed.