
Thread: Java JRE updates/advisories

  1. #11
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Java v7u11 released

    FYI...

    Java v7u11 released - Download
    - http://www.oracle.com/technetwork/ja...s-1880260.html
    Jan 13, 2013

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-1896856.html
    "... This release contains fixes for security vulnerabilities. For more information, see Oracle Security Alert for CVE-2013-0422*..."
    * http://www.oracle.com/technetwork/to...2-1896849.html

    > http://www.oracle.com/technetwork/to...l#AppendixJAVA
    2013-January 13

    - https://blogs.oracle.com/security/en...t_for_cve_2013
    Jan 13, 2013 - "... The vulnerabilities addressed with this Security Alert are CVE-2013-0422 and CVE-2012-3174. These vulnerabilities, which only affect Oracle Java 7 versions, are both remotely exploitable without authentication and have received a CVSS Base Score of 10.0. Oracle recommends that this Security Alert be applied as soon as possible because these issues may be exploited “in the wild” and some exploits are available in various hacking tools..."

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-0422 - 10.0 (HIGH)
    "... vulnerability in Oracle Java 7 before Update 11..."
    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-3174 - 10.0 (HIGH)
    "... vulnerability in Oracle Java 7 before Update 11..."

    Last edited by AplusWebMaster; 2013-01-19 at 14:39.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #12
    Adviser Team AplusWebMaster's Avatar

    New Java 0-day exploit - 2013.01.16

    FYI...

    New Java 0-day exploit - $5,000 per Buyer
    - https://krebsonsecurity.com/2013/01/...000-per-buyer/
    Jan 16, 2013 - "Less than 24 hours after Oracle patched a dangerous security hole in its Java software that was being used to seize control over Windows PCs, miscreants in the Underweb were already selling an exploit for a different and apparently still-unpatched zero-day vulnerability in Java... The hacker forum admin’s message... promised weaponized and source code versions of the exploit. This seller also said his Java 0day — in the latest version of Java (Java 7 Update 11) — was not yet part of any exploit kits, including the Cool Exploit Kit... this same thing happened not long after Oracle released a Java update in October; a few weeks later, a Java 0day was being sold to a few private users on this same Underweb forum..."
    - http://www.nbcnews.com/technology/te...main-1B7956548
    "... Some security consultants are advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology for critical business purposes. HD Moore... said it could take two years for Oracle to fix all the security bugs that have currently been identified in the version of Java that is used for surfing the Web..."


  3. #13
    Adviser Team AplusWebMaster's Avatar

    Java 7u11 vulnerable ...

    FYI...

    Java 7u11 vulnerable
    - http://seclists.org/fulldisclosure/2013/Jan/142
    18 Jan 2013 - "... We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21)... two new security vulnerabilities (51 and 52) were spotted in a recent version of Java SE 7 code and they were reported to Oracle today [4] (along with a working Proof of Concept code)..."

    - http://arstechnica.com/security/2013...atest-version/
    Jan 18, 2013 - "... researchers have confirmed that the latest version of Oracle's Java software framework is vulnerable to Web hacks that allow attackers to install malware on end users' computers... As Ars has advised in the past, readers who have no use for Java should consider removing program plug-ins from their browsers, or uninstalling Java altogether from their computer..."

    How to uninstall: https://www.java.com/en/download/uninstall.jsp

    - http://www.securitytracker.com/id/1028019
    Jan 19 2013
    Impact: Execution of arbitrary code via network, User access via network
    Vendor Confirmed: Yes
    Version(s): 7 Update 11; possibly prior versions
    Description: Two vulnerabilities were reported in Oracle Java. A remote user can cause arbitrary code to be executed on the target user's system.
    A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
    The vendor was notified on January 18, 2013...
    Solution: No solution was available at the time of this entry...

    - http://www.hotforsecurity.com/blog/p...orne-5032.html
    Jan 14, 2013 - "... Exploit prevalence – breakdown by country for the past three days"
    > http://www.hotforsecurity.com/wp-con...stribution.png

    - https://blogs.technet.com/b/mmpc/arc...edirected=true
    20 Jan 2013 - "... since the public disclosure happened a few days ago, the samples and telemetry are increasing drastically, almost catching up with previous major Java vulnerabilities (CVE-2012-4681, CVE-2012-5076). The one notable thing is that we've started seeing multi-exploit samples combining CVE-2013-0422 and CVE-2012-1723*... The strategy of this combined exploit is that by sending one exploit code, they can cover any vulnerable Java 6 installations (up to JRE 6u32) and vulnerable Java 7 installations (up to JRE 7u10) at one time. As for JRE 7, CVE-2012-1723 is only applicable up to JRE 7u4, they can abuse CVE-2013-0422** to cover JRE 7u5 to 7u10 for exploitation..."
    * https://web.nvd.nist.gov/view/vuln/d...=CVE-2012-1723 - 10.0 (HIGH)

    ** https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0422 - 10.0 (HIGH)

    - http://atlas.arbor.net/briefs/index#848588693
    Oracle's Java Patch Shipped with Additional Vulnerabilities...
    Elevated Severity
    January 23, 2013
    The latest version of Java did not fully address the most recent security issue, and other issues have been found.
    Analysis: Java is a very hot attack target for some time, implicated in many attacks ranging from commodity cybercrime to targeted espionage attacks. Properly hardening and restricting Java is critical if an organization requires its use. If Java and other plug-ins are not required for core functionality, they should be removed from controlled environments in order to reduce security risks. The general principle of hardening included reducing the attack surface by giving attackers less to attack...
    - http://atlas.arbor.net/briefs/index#753048269
    Severity: High Severity
    January 28, 2013
    Java: still problematic despite progress being made.
    Analysis: Containing Java is important - restrict it to browsers that are only used for sites that must require it. Click-to-run techniques inside modern browsers can help reduce the attack surface. Additionally, Java User-Agents crossing the wire in a post-compromise scenario can be detected and action taken when such activity is unexpected. Sniffing the wire for older versions of Java is even more effective, as the chance of a compromise traffic is even higher.
    Source: http://seclists.org/fulldisclosure/2013/Jan/241?

    Last edited by AplusWebMaster; 2013-01-30 at 05:22.
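The Arbor brief quoted in post #13 suggests watching for Java User-Agents on the wire, especially older versions, and the Microsoft note in the same post gives the JRE ranges each exploit covers. The following is an added example, not part of the thread or of any quoted source: it scans proxy log lines for the `Java/<version>` User-Agent token and labels each hit with those quoted ranges. The log layout, the sample lines and the `expected_clients` allowlist are assumptions constructed for illustration.

```python
import re

# Java's built-in HTTP client puts a "Java/<version>" token in its User-Agent,
# e.g. "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_11" or a bare "Java/1.6.0_32".
JAVA_UA = re.compile(r"\bJava/1\.(\d+)\.0(?:_(\d+))?")

# Assumed proxy log layout (constructed for this example):
#   <timestamp> <client-ip> <destination-host> "<user-agent>"
LOG_LINE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')

# Constructed sample traffic; hosts use the reserved .test TLD.
SAMPLE_LOG = """\
2013-01-28T09:14:02Z 10.0.0.21 intranet.example.test "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_13"
2013-01-28T09:15:40Z 10.0.0.34 cdn.example.test "Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_29"
2013-01-28T09:15:41Z 10.0.0.57 files.example.test "Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_09"
2013-01-28T09:16:03Z 10.0.0.34 www.example.test "Mozilla/5.0 (Windows NT 5.1) Firefox/18.0"
2013-01-28T09:17:12Z 10.0.0.88 app.example.test "Java/1.7.0_03"
"""


def parse_java_version(user_agent):
    """Return (family, update), e.g. (7, 11) for Java/1.7.0_11, or None."""
    m = JAVA_UA.search(user_agent)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def exposure(family, update):
    """Label a JRE with the exploit coverage ranges quoted in post #13."""
    if family == 6 and update <= 32:
        return "CVE-2012-1723"   # Java 6 up to 6u32
    if family == 7 and update <= 4:
        return "CVE-2012-1723"   # Java 7 up to 7u4
    if family == 7 and 5 <= update <= 10:
        return "CVE-2013-0422"   # Java 7u5 to 7u10
    return None                  # outside the ranges quoted in the post


def scan(log_text, expected_clients):
    """Return one finding per log line whose User-Agent carries a Java token."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m is None:
            continue                      # not in the assumed layout
        ts, client, host, ua = m.groups()
        version = parse_java_version(ua)
        if version is None:
            continue                      # ordinary browser traffic
        findings.append({
            "time": ts,
            "client": client,
            "host": host,
            "java": "%du%d" % version,
            "cve": exposure(*version),
            # Java traffic from a host not approved to run it deserves a look
            "unexpected": client not in expected_clients,
        })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, expected_clients={"10.0.0.21"}):
        print(finding)
```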

  4. #14
    Adviser Team AplusWebMaster's Avatar

    Java v7u13 released

    FYI...

    Java v7u13 released
    - http://www.oracle.com/technetwork/ja...s-1880260.html
    Feb 1, 2013

    JRE 7u13
    - http://www.oracle.com/technetwork/ja...s-1880261.html

    - https://www.java.com/en/download/manual.jsp

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-1902884.html
    This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory*.

    * http://www.oracle.com/technetwork/to...e-1841196.html

    - http://www.oracle.com/technetwork/to...l#AppendixJAVA

    - https://blogs.oracle.com/security/en...l_patch_update
    Feb 01, 2013 - "... contains fixes for -50- security vulnerabilities. 44 of these vulnerabilities only affect client deployment of Java..."

    Oracle Java SE Critical Patch Update Advisory - February 2013
    - http://www.oracle.com/technetwork/to...3-1841061.html
    Note: The original Critical Patch Update for Java SE – February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation “in the wild” of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update...

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1489 - 10.0 (HIGH)
    ___

    JRE 6u39
    - http://www.oracle.com/technetwork/ja...s-1902815.html

    - http://www.oracle.com/technetwork/ja...s-1902886.html
    ___

    - http://www.securitytracker.com/id/1028071
    CVE Reference: CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-3342, CVE-2012-4301, CVE-2012-4305, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0436, CVE-2013-0437, CVE-2013-0438, CVE-2013-0439, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0447, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1472, CVE-2013-1473, CVE-2013-1474, CVE-2013-1475, CVE-2013-1476, CVE-2013-1477, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1481, CVE-2013-1482, CVE-2013-1483, CVE-2013-1489
    Feb 1 2013
    Impact: Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 5.0 Update 38 and prior; 6 Update 38 and prior; 7 Update 11 and prior...
    Solution: The vendor has issued a fix as part of the Oracle Java SE Critical Patch Update Advisory for February 2013. The vendor's advisory is available at:
    - http://www.oracle.com/technetwork/to...3-1841061.html

    - http://www.kb.cert.org/vuls/id/858729
    Last Updated: 05 Feb 2013
    ___

    - https://blogs.oracle.com/security/en...2013_critical#
    Update Feb 08, 2013: "... As a result of the accelerated release of the Critical Patch Update, Oracle did not include a small number of fixes initially intended for inclusion in the February 2013 Critical Patch Update for Java SE. Oracle is therefore planning to release an updated version of the February 2013 Critical Patch Update on the initially scheduled date. This updated February 2013 Critical Patch Update will be published on February 19th..."

    Last edited by AplusWebMaster; 2013-02-18 at 12:25.

  5. #15
    Adviser Team AplusWebMaster's Avatar

    Java 7u15 released

    FYI...

    - https://secure.dslreports.com/forum/r28039102-
    2013-02-23 - "With the last 2 Java updates on my XP box (7_13 & 7_15), I received the offer of a McAfee Security Scan which I declined. The same updates on my Vista box offered the installation of the Ask.com toolbar which I also declined..."

    - https://encrypted.google.com/
    Tag-along software installs
    "... About 35,500,000 results..." < 3.15.2013
    ___

    IBM Java Multiple Vulnerabilities
    - https://secunia.com/advisories/52308/
    Release Date: 2013-03-01
    Criticality level: Highly critical
    Impact: Privilege escalation, DoS, System access, Manipulation of data, Exposure of sensitive information
    Where: From remote...
    Original Advisory: http://www.ibm.com/developerworks/java/jdk/alerts/
    ___

    Java 7u15 released - JRE
    - http://www.oracle.com/technetwork/ja...s-1880261.html
    Feb 19, 2013

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-1907738.html

    JDK
    - http://www.oracle.com/technetwork/ja...s-1880260.html

    Java v7 Update 15
    - https://www.java.com/en/download/manual.jsp

    Risk Matrix
    - http://www.oracle.com/technetwork/to...l#AppendixJAVA

    - https://blogs.oracle.com/security/en...critical_patch
    Feb 19, 2013
    ___

    Java JRE v6 Update 41
    - http://www.oracle.com/technetwork/ja...s-1902815.html
    ___

    - http://www.securitytracker.com/id/1028155
    CVE Reference: CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487
    Feb 19 2013
    Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 1.4.2_41 and prior, 5.0 Update 39 and prior, 6 Update 39, 7 Update 13 and prior

    Last edited by AplusWebMaster; 2013-03-15 at 21:39.

  6. #16
    Adviser Team AplusWebMaster's Avatar

    New Java 0-day bugs

    FYI...

    Two new Java 0-day bugs
    - https://www.computerworld.com/s/arti..._zero_day_bugs
    Feb 25, 2013 - "... Oracle shipped Java 7 Update 15 (7u15) on Feb. 19, bundling patches first released in a Feb. 1 emergency update with fixes for five more vulnerabilities. The -new- vulnerabilities affect only Java 7... Java 6, which Oracle has officially retired from support, does not contain the bugs... security experts today again urged users to disable or even uninstall Java..."
    - http://nakedsecurity.sophos.com/2013...bilities-java/
    Feb 25, 2013 - "... the flaws could be exploited to completely bypass Java's security sandbox and infect computers..."

    - http://arstechnica.com/security/2013...-one-attacked/
    Feb 25, 2013 - "... users who don't need Java should consider uninstalling it, or at least the Java plug-ins used to run Java content in Web browsers..."
    ___

    - http://atlas.arbor.net/briefs/index#230624733
    Elevated Severity
    Feb 26, 2013
    More security troubles for Java.
    Analysis: Restricting Java is an important step in protecting your enterprise. Monitoring its use on the network can indicate exploitation calling back to a malware Command & Control server. Patches are being issued, however it's wise to restrict Java as much as possible and provide additional hardening if it must be used...

    - http://h-online.com/-1810990
    26 Feb 2013

    Last edited by AplusWebMaster; 2013-02-28 at 18:46.

  7. #17
    Adviser Team AplusWebMaster's Avatar

    Current Java new attack ...

    FYI...

    Current Java new attack...
    - http://h-online.com/-1814716
    01 March 2013 - "... FireEye reports* that cyber criminals are exploiting previously unknown vulnerabilities in the -current- Java versions to deploy malware... The hole is found -both- in Java version 7 update 15 and in version 6 update 41...
    To protect themselves, users can completely uninstall Java or at least disable it in their browser..."
    * http://blog.fireeye.com/research/201...ero-day-2.html

    - https://www.virustotal.com/en/file/c...94b8/analysis/
    File name: Inst.exe
    Detection ratio: 24/46
    Analysis date: 2013-03-01

    New Java 0-Day Attack Echoes Bit9 Breach
    - https://krebsonsecurity.com/2013/03/...s-bit9-breach/
    Mar 1, 2013 - 110.173.55.187

    - https://secunia.com/advisories/52451/
    Release Date: 2013-03-02
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-1493
    ... vulnerability is reported in version 7 update 15 and version 6 update 41. Other versions may also be affected.
    Solution: No official solution is currently available.
    Provided and/or discovered by: Reported as a 0-day.

    Last edited by AplusWebMaster; 2013-03-02 at 17:28.

  8. #18
    Adviser Team AplusWebMaster's Avatar

    Java JRE 7u17 released

    FYI...

    There are a dozen known flaws in Java ...
    - http://blogs.computerworld.com/malwa...own-flaws-java
    March 10, 2013 - "The last time Oracle released a new version of Java was less than a week ago (March 4th). Yet, there are already a dozen known, un-patched bugs in this latest release (Java 7 update 17)..."
    ___

    Java JRE 7u17 released
    - http://www.oracle.com/technetwork/ja...s-1880261.html
    Mar 4, 2013

    - https://blogs.oracle.com/security/en..._cve_2013_1493
    Mar 4, 2013 - "Today Oracle released Security Alert CVE-2013-1493 to address two vulnerabilities affecting Java running in web browsers (CVE-2013-1493 and CVE-2013-0809). One of these vulnerabilities (CVE-2013-1493) has recently been reported as being actively exploited by attackers..."

    - http://www.oracle.com/technetwork/ja...s-1915289.html

    Risk Matrix
    - http://www.oracle.com/technetwork/to...l#AppendixJAVA

    JDK 7u17
    - http://www.oracle.com/technetwork/ja...s-1880260.html
    ___

    Java 6 Update 43
    - http://www.oracle.com/technetwork/ja...s-1902815.html

    - https://secunia.com/advisories/52451/
    Last Update: 2013-03-06
    Criticality level: Extremely critical
    Impact: System access
    Where: From remote...
    CVE Reference(s):
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-0809 - 10.0 (HIGH)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-1493 - 10.0 (HIGH)
    Solution: http://www.oracle.com/technetwork/to...l#AppendixJAVA
    ___

    - http://seclists.org/fulldisclosure/2013/Mar/38
    Mar 4, 2013 - "... 5 -new- security issues were discovered in Java SE 7..."

    Last edited by AplusWebMaster; 2013-03-15 at 21:29.

  9. #19
    Adviser Team AplusWebMaster's Avatar

    Oracle Java Pre-Release Announcement - April 2013

    FYI...

    Oracle Java SE Critical Patch Update Pre-Release Announcement - April 2013
    - http://www.oracle.com/technetwork/to...3-1928497.html
    Apr 15, 2013 - "This Critical Patch Update Pre-Release Announcement provides advance information about the Oracle Java SE Critical Patch Update for April 2013, which will be released on Tuesday, April 16, 2013... this Critical Patch Update contains -42- new security vulnerability fixes..."


  10. #20
    Adviser Team AplusWebMaster's Avatar

    Java JRE 7u21, 6u45 released

    FYI...

    - http://www.symantec.com/connect/blog...-2423-coverage
    Updated: 26 Apr 2013 - "... this vulnerability is now seen as a high priority... Please be aware of -malware- that masquerades as software updates and patches - only download the patch from the official website."

    Current version always shown here:
    - https://www.java.com/en/download/manual.jsp
    ___

    Java JRE 7u21
    - http://www.oracle.com/technetwork/ja...s-1880261.html
    April 16, 2013

    Release Notes
    - http://www.oracle.com/technetwork/ja...s-1932873.html

    - https://blogs.oracle.com/security/en..._patch_update1
    Apr 16, 2013

    Oracle Java SE Critical Patch Update Advisory - April 2013
    - http://www.oracle.com/technetwork/to...l#AppendixJAVA
    April 16, 2013 - "This Critical Patch Update contains 42 new security fixes for Oracle Java SE. 39 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password..."

    Recommended Version 7 Update 21
    - https://www.java.com/en/download/manual.jsp

    - https://krebsonsecurity.com/2013/04/...ecurity-holes/
    April 16, 2013 - "... contains 42 new security fixes for Oracle Java SE. A majority of these flaws are browse-to–a-hacked-site-and-get-infected vulnerabilities..."

    Java JRE 6 Update 45
    - http://www.oracle.com/technetwork/ja...s-1902815.html
    ___

    Java 7 Update 21 is available - Watch for Behaviour Changes
    - https://isc.sans.edu/diary.html?storyid=15620
    2013-04-16 - "... Oracle has significantly changed how Java runs with this version. Java now requires code signing, and will pop up brightly coloured dialogue boxes if your code is not signed. They now alert on unsigned, signed-but-expired and self-signed certificates. We'll even need to click "OK" when we try to download and execute signed and trusted Java... graphics you can expect to see once you update are:
    > https://isc.sans.edu/diaryimages/ima...pired_cert.jpg
    > https://isc.sans.edu/diaryimages/ima...igned_cert.jpg
    Full details on the new run policy can be found here ==>
    - https://www.java.com/en/download/hel...itydialogs.xml
    And more information can be found here ==>
    - http://www.oracle.com/technetwork/ja...g-1915323.html "

    Dangerous defaults let certificates stay unchecked.
    - http://www.h-online.com/security/new...ew=zoom;zoom=2
    17 April 2013
    ___

    - http://www.securitytracker.com/id/1028434
    CVE Reference: CVE-2013-0401, CVE-2013-0402, CVE-2013-1488, CVE-2013-1491, CVE-2013-1518, CVE-2013-1537, CVE-2013-1540, CVE-2013-1557, CVE-2013-1558, CVE-2013-1561, CVE-2013-1563, CVE-2013-1564, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2394, CVE-2013-2414, CVE-2013-2415, CVE-2013-2416, CVE-2013-2417, CVE-2013-2418, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2425, CVE-2013-2426, CVE-2013-2427, CVE-2013-2428, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2432, CVE-2013-2433, CVE-2013-2434, CVE-2013-2435, CVE-2013-2436, CVE-2013-2438, CVE-2013-2439, CVE-2013-2440
    Apr 16 2013
    Impact: Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 5.0 Update 41, 6 Update 43, 7 Update 17; and prior versions...
    Solution: The vendor has issued a fix (6 Update 45, 7 Update 21)...
    ___

    - http://www.f-secure.com/weblog/archives/00002544.html
    April 23, 2013 - "A few days after Oracle released a critical patch, CVE-2013-2423* is found to (have) already been exploited. Upon checking the history, the exploitation seems to have begun on April 21st and is still actively happening... the Metasploit module was published on the 20th... the exploit was seen in the wild the day after..."
    * https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-2423

    Last edited by AplusWebMaster; 2013-05-15 at 14:46.
