
Two new Java zero-day vulnerabilities reported to Oracle

Polish security firm Security Explorations has reported two new Java zero-day vulnerabilities, labelled “issue 54” and “issue 55,” to Oracle, along with proof-of-concept code.


Oracle's security team is currently investigating the issues, but Oracle has not yet confirmed the flaws. Less than a week after Oracle released its latest Java critical patch update, researcher and Security Explorations CEO Adam Gowdiak found two previously unknown security issues affecting Java 7.

Security experts generally advise users to disable the Java browser plugin, which was exploited in recent targeted attacks on developers at Facebook, Apple and Microsoft.

Java has faced an increasing number of zero-day vulnerabilities: bugs that criminals exploit before the flaws are patched, or even known to the vendor.

Gowdiak confirmed that these newest vulnerabilities can be combined to circumvent Java's anti-exploit sandbox technology and used to attack machines whose browsers have the Java plug-in installed.
