Java exploit, embedded back door? Report regarding malware use of Java Web Start
tangor

msg:4114017 | 10:20 pm on Apr 11, 2010 (gmt 0)

The bug in the Java Web Start component has been confirmed exploitable on all recent versions of Windows by Tavis Ormandy, a security researcher who prefers his employer not be named. Fellow researcher Ruben Santamarta of Spain-based security firm Wintercore, said a related flaw potentially affects Linux users as well. Both researchers stressed the ease in which attackers can exploit the bug using a website that silently passes malicious commands to various Java components that jump-start applications in Internet Explorer, Firefox, and other browsers. Ormandy said he alerted Java handlers in Oracle's recently-acquired Sun division to the threat but "they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle."

As reported at The Register: [theregister.co.uk...]

I don't run Java... i.e. it is not installed... but how many others out there are doing the same?