Monday, March 4, 2013

Another Java zero-day flaw discovered

Less than a week after the latest zero-day flaw in Oracle's Java software was discovered, security researchers have discovered yet another bug that can allow attacks on computers. The latest flaw, which researchers from FireEye dubbed the vulnerability YAJ0 - Yet Another Java Zero-Day, is already being exploited "in the wild." According to FireEye, new zero-day vulnerability has been used to attack multiple customers, especially those whose browsers have Java v1.6 Update 41 and Java v1.7 Update 15 installed. Unlike other popular Java vulnerabilities, this new vulnerability "leads to arbitrary memory read and write in JVM process."

No comments: