For that reason, we consider this Java update fairly critical. Recently, attackers have increasingly targeted new Java vulnerabilities to leverage in their drive-by download attacks. Some of the other vulnerabilities allow an attacker to launch Denial of Service attacks or to expose sensitive information on your users’ computer. If your user has local administrative privileges, the attacker could potentially leverage these flaws to gain complete control of that user’s machine. In the worst case, if your users visit such a site, an attacker could leverage some of these Java flaws to execute attack code on your user’s computer. While the vulnerabilities differ quite a bit technically, an attacker can exploit many of them in a similar manner – by enticing your users to a malicious web page containing specially crafted Java. Yesterday, Oracle released a security alert warning of 21 vulnerabilities that affect all previous versions of Sun JRE (as well as Sun Java SDK) running on Windows, Solaris and Linux platforms. Oracle’s Sun Java Runtime Environment (JRE) is one of the most popular Java interpreters currently used. Most operating systems today implement a Java interpreter to recognize and process Java code from websites and other sources. Java is a programming language (first implemented by Sun Microsystems) used most often to enhance web pages. What to do: Install the appropriate JRE (or JDK) update as soon as possible.Impact: Various results in the worst case, an attacker can gain complete control of your computer.How an attacker exploits them: Multiple vectors of attack, including luring your users to a malicious web page containing specially crafted Java.These vulnerabilities affect: All versions of Sun Java Runtime Environment (JRE) and Java Development Kit (JDK) released before 14 February, running on Windows, Solaris, and Linux platforms.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |