Recently in Oracle Category

Oracle/Sun today released an update to Java that addresses the 0-day from last week.

Ryan Naraine at Threatpost has a good writeup and screenshots showing the blocking of the test URL that Tavis Ormandy included in his initial disclosure.

We recommend immediate installation, as the exploit has apparently already been sighted on a number of websites.

Today Tavis Ormandy published a 0-day vulnerability in Java. His post provides exploit information and a link to a webpage demonstrating the launch of calc.exe on Windows. The vulnerability allows an attacker to remotely execute code on the target machine and can be triggered by a user visiting a simple webpage. It is located in the Java Web Start component and is present in Java running on Windows operating systems. There is no patch or official workaround yet, but Tavis provides suggestions on how users can configure their systems to defend themselves.

Rubén Santamarta provides additional technical information on the vulnerability and points out that Java on Linux is affected as well.

Our vulnerability research team has confirmed the existence of the vulnerability on Windows and we are releasing a detection under QID 117772 in QualysGuard. We will track the development around this vulnerability and keep you posted.
