Oracle recently released a security advisory for a critical patch for Java, which updates Java 7 to Update 13. (Users of the older Java 6 also received an update, taking them to Update 39.) The advisory addresses several vulnerabilities in the following affected products:
JDK and JRE 7 Update 11 and earlier
JDK and JRE 6 Update 38 and earlier
JDK and JRE 5.0 Update 38 and earlier
SDK and JRE 1.4.2_40 and earlier
JavaFX 2.2.4 and earlier
Fifty vulnerabilities were patched in this update. ...
The "post-PC era" is a phrase which has been a veritable buzzword for some time. However, 2012 saw cybercrime expanding to mobile platforms, highlighting how threats have entered the post-PC era, too.
Mobile Threats: 350,000 and Growing
By the end of 2012, the Android malware count had grown to 350,000. This was monumental growth from the 1,000 mobile malware we saw at the end of 2011. Much of this growth was driven by adware and premium service abusers, which accounted for ...
There has been much discussion about the Oracle fix for the recent Java 0-day, CVE-2013-0422, being incomplete. In this post, we would like to take the opportunity to clear up a few points about it.
Based on our analysis, we have confirmed that the fix for CVE-2013-0422 is incomplete. There are two issues in this CVE. One is with the findClass method of the com.sun.jmx.mbeanserver.MBeanInstantiator class. The other is with the invokeWithArguments() method of the java.lang.invoke.MethodHandle class. Oracle has fixed the latter but findClass ...
Blackhole Exploit Kit (BHEK) spam attacks remain a prevalent threat to this day. In fact, BHEK is one of the top five consumer threats for 2012 due to its use of software vulnerabilities and the social engineering tactic of leveraging companies like Verizon, Citibank, AT&T, and Western Union, among others. Furthermore, there are reports that BHEK recently released updates, which made this threat stealthier than before.
We have continuously monitored this threat and spotted several BHEK campaigns during the ...
A new zero-day exploit in Java has been found in the wild. Currently, this exploit is being used by toolkits like the Blackhole Exploit Kit (BHEK) and the Cool Exploit Kit (CEK).
CEK is the creation of the same author responsible for Blackhole Exploit Kit. It appears to be a high-end version of the more accessible BHEK. Zero-day exploits are first incorporated into CEK and only added into BHEK once they have been disclosed. It has been reported that CEK was being used to ...