Posted by JimK

JAVA ZERO-DAY EXPLOIT ON SALE FOR ‘FIVE DIGITS’

Miscreants in the cyber underground are selling an exploit for a previously undocumented security hole in Oracle’s Java software that attackers can use to remotely seize control over systems running the program, KrebsOnSecurity has learned.

The flaw, currently being sold by an established member of an invite-only Underweb forum, targets an unpatched vulnerability in Java JRE 7 Update 9, the most recent version of Java (the seller says this flaw does not exist in Java 6 or earlier versions).

According to the vendor, the weakness resides within the Java class “MidiDevice.Info,” a component of Java that handles audio input and output. “Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7,” the seller explained in a sales thread on his exploit. It is not clear whether Chrome also is affected. “I will only sell this ONE TIME and I leave no guarantee that it will not be patched so use it quickly.”

I have repeatedly urged readers who have no use for Java to remove it from their systems entirely. This is a very complex program that is widely installed (Oracle claims that some 3 billion devices run Java), and those two qualities make it a favorite target for attackers.

Apple has taken steps to unplug Java from the browser in OS X, and this is the very approach recommended for users who need Java for specific Web sites or applications (see: http://krebsonsecurity.com/how-to-unplug-java-from-the-browser). I would suggest a two-browser approach. If you normally browse the Web with Firefox, for example, consider disabling the Java plugin in Firefox, and then using an alternative browser (Chrome, IE9, Safari, etc.) with Java enabled to browse only the site that requires it.
