A Polish security firm 'Security Explorations' reported two new Java zero-day vulnerabilities, as “issue 54” and “issue 55,” with proof of concept code to Oracle.
Oracle's security team is currently investigating the issue, but the status flaws not yet confirmed by Oracle. Less than a week after Oracle released its latest Java critical patch update, Researcher and Security Explorations's CEO Adam Gowdiak have found two previously unknown security issues affecting Java 7.
Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook, Apple and Microsoft.
Java has faced an increasing number of zero-day vulnerabilities, bugs that are exploited by criminals before those flaws are patched, or even known by the vendor.
Gowdiak confirmed that these newest vulnerabilities can be combined to circumvent Java's anti-exploit sandbox technology and used to attack machines whose browsers have the Java plug-in installed.
Popular Deals From Our Store
Ethical Hacking Certification Training
Get Professional Ethical Hacking Certifications: CEH, CHFI, CISM, CISA, CISSP Trainings.
96% Off Get this Deal
Computer Hacking Forensic Investigation
Online Hands-on Training with Lifetime Access to Forensic Investigation Certification Classes.
98% Off Get this Deal