Showing posts with label Oracle. Show all posts

Monday, September 16, 2013

Big Business continues to ignore the Java threats

Big business continues to ignore the threat posed by the use of outdated versions of Java, the company Websense said in a research report. According to the company, about four fifths of Java users in the corporate sector are not using the latest version of the environment.

After passing part of corporate traffic through its own Websense ThreatSeeker Intelligence Cloud, the company found that about 40% of Java requests go through the Java 6 Standard Edition interpreter, even though Java 7 Standard Edition was released two years ago. Oracle ended technical support for Java SE 6 in April of this year.

The analyst said that some may use Java SE 6 for compatibility reasons, but most people are in danger of being hacked through exploits because of obsolete versions of the product. The general trend also indicates that about 81% of browsers are vulnerable to at least two recent Java problems, CVE-2013-2473 and CVE-2013-2463, identified in June of this year.

Wednesday, April 17, 2013

Oracle released a quarterly patch set, 128 patches


Oracle yesterday released a big quarterly patch set, consisting of 128 individual patches for nearly one hundred products of the company.

According to Oracle, four patches are for the flagship Oracle DBMS; all of the vulnerabilities they address allow remote execution and represent a critical danger, as they allow an attacker to obtain data on the server without entering a login and password.

Another 29 patches are for various Oracle Fusion Middleware products; 22 of the vulnerabilities can be exploited remotely without authenticating to the server. Affected products include GoldenGate Veridata, JRockit, WebCenter and WebLogic. For application servers, the corporation is also issuing a wide range of fixes: patches will be released for E-Business Suite (6 patches), Supply Chain Products Suite (3 patches), PeopleSoft (11 patches) and Oracle Siebel CRM (8 patches).

Tuesday, March 5, 2013

Oracle re-releases emergency patch for Java


Already managed to download the latest Java 6 and 7 to your PCs and laptops from java.com? Well, you can go back to the site and download a new version of Java again. Today Oracle released its fourth Java update in the last four weeks. This time, the company says the new version fixes the vulnerability that was used to infect systems with the McRat Trojan, through which malicious users have already gained access to user data.

According to the Oracle Technology Network, the new versions, Java 6 Update 41 and Java 7 Update 17, repair the holes used by the Trojan. Oracle encourages users to upgrade to the new version of Java "as soon as possible." According to FireEye, the vulnerability is triggered when a user visits a malicious website that invokes the Java plug-in, after which malicious code is loaded onto the user's computer.

Daniel Kindlund, a specialist at FireEye, said that several of the company's large customers have reported incidents involving the Java vulnerability.

Wednesday, February 27, 2013

The discovery of new vulnerabilities in the latest version of Java


System compromise in Java


Experts at Security Explorations reported two flaws to Oracle developers that allow a complete bypass of Java sandbox restrictions.

According to a new notification from Security Explorations researchers, two new vulnerabilities were discovered in the latest version of Java that make it possible to completely bypass the restrictions of the platform's built-in sandbox. According to expert Adam Gowdiak, the flaws affect current versions of Java SE 7, in particular the Reflection API component, through which the limitations can be circumvented "in an interesting way."

Gowdiak also said that he tested the original release of Java SE 7, Java SE 7 Update 11 and Java SE 7 Update 15. According to Security Explorations, Oracle developers have already received all the information and PoC code, and have pledged to take action.

Wednesday, February 20, 2013

Oracle today released a new update for Java


Oracle today released a new update for client-side Java, eliminating several previously identified security vulnerabilities in the widely used environment and closing off several zero-day vulnerabilities in browsers.

The new updates, Java 7 Update 15 and Java 6 Update 41, eliminate five critical vulnerabilities that were not fixed on February 1, when Oracle released its planned update for Java 7 and 6. Note that even then Oracle broke its accepted quarterly patch release schedule for Java in order to eliminate previously identified critical vulnerabilities actively exploited by hackers.

It is now reported that four of the five vulnerabilities can be exploited via Java Web Start on the desktop. Three of them are rated 10, the highest severity level on the Common Vulnerability Scoring System scale used by Oracle. This means that they work on all systems where Java is available and allow access to the OS with administrator privileges. However, on Linux and Solaris the Java environment does not run with administrator privileges, so the risk there is lower.

Saturday, February 2, 2013

Critical Update Java SE 7 Update 13


Oracle has released the largest update in its history for fixing security problems in Java SE: Java SE 7 Update 13 and Java SE 6 Update 39 eliminate 50 vulnerabilities, 26 of which have been assigned the highest level of risk.

The 26 top-rated vulnerabilities (CVSS score 10.0) make it possible to escape the isolated virtual machine environment and execute code on the system when specially crafted content is processed. The minor release was originally scheduled for February 19 but was released early, because one critical vulnerability patched in the Java browser plug-in is a zero-day for which exploitation has already been recorded in the wild.

Friday, February 1, 2013

Apple has blocked Java in Mac OS X


Apple has blocked Java in Mac OS X because Oracle has still not fixed the vulnerability.

On Saturday, January 25, Mac OS X users suddenly found that programs written in the Java programming language had stopped working. Apple had blocked Java because of security problems.

Java lets programmers develop many web-based and cross-platform applications that are installed on different operating systems, including Apple's Mac OS X. Recall that in early January the U.S. Department of Homeland Security recommended disabling Java in the web browser to prevent possible attacks by hackers. Oracle has released updates for known vulnerabilities in Java; however, department officials believe that Java still has gaps.

Monday, January 28, 2013

New vulnerability in Java


New vulnerability in Java calls into question the effectiveness of protection against exploits.

Researchers have discovered vulnerabilities that bypass the Java security settings designed to protect against hidden exploits.

Researchers from the security company Security Explorations managed to find vulnerabilities in Java's security settings, which are designed to provide protection against hidden exploits. The flaw allows potential attackers to bypass security restrictions and perform a drive-by attack in the victim's browser.

Note that the ability for users to specify security settings was introduced by the developers in December last year in Java 7 Update 10. The settings let you restrict Java applications from running in the web browser. The most "robust" of the four possible security levels blocks all applications that do not have a legitimate signature.

At the same time, according to the head of Security Explorations, Adam Gowdiak, none of the proposed restrictions can withstand intruders.

Monday, January 14, 2013

Oracle has eliminated a serious vulnerability in the Java Browser


Oracle has released an update that closes a dangerous vulnerability in the Java software platform, according to Oracle's website.

It came three days after experts at US-CERT, the U.S. Department of Homeland Security division for countering cyber threats, urged users to disable the Java browser add-in because of the danger of the discovered vulnerability.

The vulnerability was used by a real Trojan, Mal/JavaJar-B, included in the Blackhole and NuclearPack hacker kits. It attacked Windows- and Linux-based systems.

In addition to the vulnerability that US-CERT experts warned about, the update fixes another, similar error in Java. Both vulnerabilities allow attackers to gain unauthorized access to a computer and run arbitrary code. According to the company, the update changes the way people interact with applets: the default security level is raised from medium to high. This means that every time an unsigned Java application is run, the user will be asked for permission.

Monday, September 3, 2012

Oracle knew about the presence of 0-day Java vulnerabilities in April

Security Explorations said that the fix released by Oracle does not correct all vulnerabilities in Java

Oracle has released a security alert that eliminates the zero-day vulnerability in Java (CVE-2012-4681). Recall that last week the first public exploit for this vulnerability was reported by Atif Mushtaq of FireEye. According to experts, hackers used the flaw in Java to carry out targeted attacks, but an exploit for it was expected to become available to a wide range of cybercriminals in the near future.

The next day, Rapid7 announced that it had added a module exploiting CVE-2012-4681 to Metasploit, its tool for pentesters, and Brian Krebs, citing his own sources, said that the authors of BlackHole were also working on their own version of the exploit. Quoting one of the leaders of BlackHole, Krebs wrote that the price of such an exploit could be about $100,000.

Saturday, September 1, 2012

Oracle has released urgent patches for Java 6 and 7

Extraordinary patch for a 0-day vulnerability


Oracle has released an extraordinary patch for a 0-day vulnerability that some cybercriminal groups have begun to actively exploit in recent days.

The updates for JDK and JRE 6 Update 7 and JDK and JRE 6 Update 34 contain patches for four Java vulnerabilities, including the notorious CVE-2012-4681. Oracle emphasized that, given the danger of this threat, all users are strongly advised to install these patches as soon as possible.

The vulnerability affects only the desktop version of the Java plug-in running in a web browser; it does not affect the server version or standalone Java applications.