New Java exploit sells for $5000 on Black market
We continues to recommend users disable the Java program in their Web
browsers, because it remains vulnerable to attacks that could result in
identity theft and other cyber crimes and less than 24 hours after Oracle Sunday released a security update
that addresses two critical zero-day vulnerabilities in Java that are
being actively exploited by attackers, an online vulnerability seller
began offering a brand-new Java bug for sale.
According to a report,
a Java exploits was being advertised for $5,000 a piece in an
underground Internet forum and the new zero-day vulnerability was
apparently already in at least one attacker's hands.
The thread has since been deleted from the forum indicating a sale has
been made, something sure to bring more concern to Oracle.Oracle can’t
predict the future, and its engineers obviously can’t predict what
exploits are going to be found in its software.
The most recent hold Java fixed allowed hackers to enter a computer by
using compromised websites as the entry-point into Java. Once in the
system, they could steal any information, or hook up the computer to a
botnet or a string of infected computers that can be used to launch
attacks against other computers.
The exploit is valuable because not only is it usable on the most
up-to-date version of Java, which could remain vulnerable for weeks, if
not months.
link:thehackernews
0 comments:
Post a Comment