Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Java

+ - Experts Develop 3rd-Party Patch for New Java 0day->

Submitted by tsu doh nimh
tsu doh nimh (609154) writes "A new exploit for a zero-day vulnerability in Oracle's Java JRE version 7 and above is making the rounds. A Metasploit module is now available to attack the flaw, and word in the underground is that it will soon be incorporated into BlackHole, a widely used browser exploit pack. KrebsOnSecurity.com talked to the BlackHole developer, who said the Java exploit would be worth at least $100,000 if sold privately. Instead, this vulnerability appears to have been first spotted in targeted/espionage attacks that used the exploit to drop the remote control malware Poison Ivy, according to experts from Deep End Research. Because Oracle has put Java on a quarterly patch cycle, and the next cycle is not scheduled until October, experts have devise and are selectively releasing an unofficial patch for the flaw."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Experts Develop 3rd-Party Patch for New Java 0day

Comments Filter:

Committees have become so important nowadays that subcommittees have to be appointed to do the work.

Working...