MacNN | Researchers discover new, in-use vulnerability in Java
Mac News Network View: Standard | Headlines | Categorized | Slim
Mac News Network
Mac News iPod News Reviews Forums
 

Desktop Headlines
Researchers discover new, in-use vulnerability in Java
Friday, March 1, 2013 @ 4:06pm

A new vulnerability has been discovered in the latest versions of Java, v1.6 Update 41 and v1.7 Update 15, say researchers from security firms FireEye and Kaspersky Lab. Critically the bug is already being exploited in order to download and install a remote access tool, "McRAT," on targeted computers. The malware is being spread through a JPG file hosted on a Japanese website.



FireEye remarks that the current exploit is inconsistent. It attempts to break through Java security measures by overwriting a large memory chunk, but sometimes fails to download the malware, instead crashing the Java Virtual Machine. Kasperky meanwhile observes that while the attack works against Java 7 Update 15, it fails against older versions. This week's discovery represents the third zero-day Java exploit this year, and has forced Oracle to play a cat-and-mouse game, releasing a string of unplanned updates to keep up. Apple has meanwhile taken steps of its own to protect OS X, not only posting Mac-native Java updates, but in some cases blocking Java outright until Oracle can produce a patch.

Comments on this Article
Print Friendly Version
Email to a Friend
Add MacNN to Your RSS Feeds
Buy from the Apple Store


Related Stories:

Today's MacNN Stories:

  • Company compiles Apple's Swift for use with Android, Windows .NET - 8:37 PM EST
  • Apple to appeal blocked injunction against Samsung products - 4:02 PM EST
  • T-Mobile 'uncarrier' event scheduled for September 10 - 3:12 PM EST
  • Friday Deals: MacBook Air, iPad Air, Kindle Fire HDX, iTunes, more - 2:43 PM EST
  • Leaked iPhone 6 logic board shows NFC chip, 16GB of storage [u] - 2:30 PM EST
  • Forums: Hard Drive ripoffs, new Apple TV channels and more - 2:19 PM EST
  • Apple deals: MacBook Air as low as $779 - 2:19 PM EST
  • DealNN: iPads, iMacs and curved HDTVs - 2:17 PM EST
  • Apple iWatch to be teased at Sept. 9 event, may not ship until 2015 - 1:00 PM EST
  • Chrome 38 beta for Mac makes jump to 64-bit code - 11:35 AM EST
  • Photos show what may be near-complete rear shell for iPhone 6 - 10:27 AM EST
  • NFC chips in iPhone 6 coming from Netherlands' NXP, report says - 9:45 AM EST
  • Briefly: Quora for iPad, OneDrive's new Photos view - 1:59 AM EST
  • Review: Life n Soul BM211 Bluetooth speaker - 1:15 AM EST
  • Autodesk brings iOS photo editor Pixlr to Mac - 12:02 AM EST

    Today's iPodNN Stories:
  • Intel launches Core i7 Extreme Edition processors with 6, 8 cores - 3:15 PM EST
  • Nokia Here maps app heading to Samsung Galaxy phones, Gear S - 1:29 PM EST
  • MSN Messenger shuttering in China by end of October - 11:47 AM EST
  • Nintendo reveals 'New' 3DS, 3DS LL with second analog stick - 9:36 AM EST
  • T-Mobile lays out minimum $35 per share bid for acquisition - 8:42 AM EST
  • No comments posted on this story yet. Please post yours.
    Your Comments
    In order to post comments, you must be a registered member of the MacNN Forums and logged in. Please login with your MacNN Forums username and password.

    MacNN Forums Login:

    MacNN Forums Password:

    Not a member of the MacNN forums? Register now for free.