Tagged with Java

New Java vulnerability is being exploited in the wild

TNW:

FireEye offered the following details in regards to the latest Java failure:

Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.

Upon successful exploitation, it will download a McRAT executable from same server hosting the JAR file and then execute it.

Just Another Vulnerability Announced.


Apple updates Java for Snow Leopard following blockage

CNet:

Following a recent addition of Java to its plug-in blacklist, Apple has issued an update to its supported Java versions.

Following another recent security issue with Java, Apple issued an update that added the latest versions to the system’s browser plug-in blacklist to protect users from any potential threats; however, in doing so it silently blocked a number of people from accessing required Java content, such as banking and financial Web sites.

Unfortunately, some still need Java. You can also go to Java.com.


Critical Java vulnerabilities confirmed in latest version

Ars Technica:

Security researchers have confirmed that the latest version of Oracle’s Java software framework is vulnerable to Web hacks that allow attackers to install malware on end users’ computers.

Java is the new Flash Player.


Malware masquerades as patch for Java

Computerworld:

The latest version of Java is Update 11. Trend Micro wrote on its blog that it was alerted to a fake “Java Update 11” present on at least one website. If a user installs the bogus update, a malicious backdoor program is downloaded.

Only install Java using the update utility on Windows, Software Update on OS X, or go directly to Java.com.


Apple-provided Java plug-in removed with software update

AppleInsider:

Apple on Tuesday rolled out two Java updates, one for OS X 10.6 Snow Leopard and another for OS X 10.7 Lion and OS X 10.8 Mountain Lion, the latter offering improved security by uninstalling the Apple-provided Java applet plug-in from all web browsers.


Apple releases updates for Java for Snow Leopard, Lion, and Mountain Lion. If you have Lion or Mountain Lion, and never installed Java, you won’t see an update.


Critical bug in newest Java gives attackers complete control of PCs

Ars Technica:

Researchers said they’ve uncovered a flaw in the Java 7 update released by Oracle on Thursday that allows attackers to take complete control of end-user computers.

Java, the new Flash.


Oracle patches version 7 of Java to address vulnerabilities.

If you have not installed Java on Lion or Mountain Lion, you’re safe and don’t need this update.


Java vet says Google ‘slimed’ Sun

Electronista:

Java pioneer James Gosling has criticized Google for the tactics it used in going without a Java license for Android. He argued that, despite former Sun chief Jonathan Schwartz saying Sun couldn’t sue Google, the decision to skip a license still hurt the company. Google “totally slimed” Sun, and even Schwartz was tolerating the action rather than endorsing it.

“He just decided to put on a happy face and tried to turn lemons into lemonade, which annoyed a lot of folks at Sun,” Gosling said of the executive.

Gosling had at one point worked with Google but left the company after just months.
