Warning: Java Zero Day Flaw Under Attack

[JMH]

Java is under attack again. A zero-day vulnerability in Java is being actively exploited in the wild. The current attacks seem to be targeted, but security experts warn that more widespread attacks could be imminent.

Next to Adobe Reader and Adobe Flash, Java is probably one of the most ubiquitous and widely used applications. Unfortunately, it also provides attackers with plenty of holes and vulnerabilities to exploit, which makes it a popular target.

Proof-of-concept (PoC) code has been developed for the Metasploit Framework tool. Wolfgang Kandek, CTO of Qualys, explains that this is concerning because it makes the exploit available to a much wider audience, and probably means more attacks targeting the Java vulnerability are on the horizon.

http://www.pcworld.com/businesscent...a_zero_day_flaw_under_attack.html#tk.rss_main

 

[JMH]

Attackers Pounce on Zero-Day Java Exploit

Attackers have seized upon a previously unknown security hole in Oracle’s ubiquitous Java software to break into vulnerable systems. So far, the attacks exploiting this weakness have been targeted and not widespread, but it appears that the exploit code is now public and is being folded into more widely-available attack tools such as Metasploit and exploit kits like BlackHole.

http://krebsonsecurity.com/2012/08/...ign=Feed:+KrebsOnSecurity+(Krebs+on+Security)