Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Java bug exposes users to serious code-execution risk

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

Regular Members: Our Regular Members are invited to start and/or participate in all other topics. Join in and share the news that's important to you.

Java bug exposes users to serious code-execution risk

Unread postby Sludge3000 » April 12th, 2010, 6:00 am

Researchers have discovered a flaw in the latest version of Oracle's Java runtime environment that attackers can exploit to remotely execute malicious code on end user machines.

The bug in the Java Web Start component has been confirmed exploitable on all recent versions of Windows by Tavis Ormandy, a security researcher who prefers his employer not be named. Fellow researcher Ruben Santamarta of Spain-based security firm Wintercore, said a related flaw potentially affects Linux users as well.

Both researchers stressed the ease in which attackers can exploit the bug using a website that silently passes malicious commands to various Java components that jump-start applications in Internet Explorer, Firefox, and other browsers. Ormandy said he alerted Java handlers in Oracle's recently-acquired Sun division to the threat but "they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle."


Full story @ The Register
User avatar
Sludge3000
Regular Member
 
Posts: 695
Joined: April 15th, 2009, 3:47 pm
Location: Somewhere fluffy
Advertisement
Register to Remove

Re: Java bug exposes users to serious code-execution risk

Unread postby Sludge3000 » April 15th, 2010, 4:14 am

Update:
A popular song lyrics website has been found serving attack code that tries to exploit a critical vulnerability in Oracle's Java virtual machine, which is installed on hundreds of millions of computers worldwide.

The site, songlyrics.com, is serving up javascript that invokes the weakness disclosed last week by security researcher Tavis Ormandy. After determining that the bug made it trivial for attackers to remotely execute malicious code on end-user machines, he said he alerted Java handlers inside Oracle's Sun division, but they decided no patch was necessary outside of the next update release scheduled for July.


Full story @ The Register
User avatar
Sludge3000
Regular Member
 
Posts: 695
Joined: April 15th, 2009, 3:47 pm
Location: Somewhere fluffy


  • Similar Topics
    Replies
    Views
    Last post

Return to News Desk



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware