So, you thought you were out of the woods with Java? Bad news. You
aren't. Another Java zero-day vulnerability has been found in the wild
by FireEye.
Java v1.6 and Java v1.7 Update 15 on browsers are being targeted this
time around. The previously unknown and unpatched vulnerability exploits
browsers to install a remote-access trojan named McRat.
McRat is a Windows Trojan therefore Windows users are prone to such an
attack. It is not clear whether Mac and Linux users are at risk as well.
According to FireEye researchers;
We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to 'High' and do not execute any unknown Java applets outside of your organization.
If you are a Windows user and fear such an attack, we would suggest an
uninstallation of Java because, as yet, there are no solutions to this
problem.
The next security updates are scheduled for 16th April but Oracle will
be forced to push an Emergency update in the light of current events.
Cheers!
No comments:
Post a Comment