Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: MysteryFCM on March 01, 2013, 04:42:16 am

Title: ALERT: Yet another Java 0day
Post by: MysteryFCM on March 01, 2013, 04:42:16 am
ALERT: Yet another Java 0day

Quote
Java is at the center of yet another security storm after Polish security researchers found not one, but two new separate zero-day flaws in the Web plug-in software.

 Web users are once again warned to disable Java immediately to prevent any infection on production machines or networks. Read this

 Amid a serious security flaw in the latest version of Java 7, where even the U.S. Department of Homeland Security has warned users to disable the plug-in, here's how you do it.

 Security firm Security Explorations submitted information about the bugs to Oracle, the developer of the Java 7 software, including proof-of-concept exploits that prove the bugs exist. However, in one of the cases, Oracle believes this is "allowed behavior," suggesting an apathy on the company's part to fix the alleged flaw.

 The two zero-day flaws are the latest in a number of problems affecting the Java plug-in, forcing Oracle to patch the software twice with emergency patches this year alone.

Read more
http://www.zdnet.com/oracle-investigating-after-two-more-java-7-zero-day-flaws-found-7000011965/

 If you've not already ripped Java out of your system, I'd suggest you do it asap;

 JavaRA
http://singularlabs.com/software/javara/

 JavaRA Download page
http://singularlabs.com/software/javara/javara-download/

 Direct download
http://download.thewebatom.net/50f69935741f0/JavaRa-2.1.zip
Title: Re: ALERT: Yet another Java 0day
Post by: SysAdMini on March 01, 2013, 01:54:55 pm
JavaRA looks interesting.

Do you know if it can be run from command line ? Would be nice for a company environment.
Title: Re: ALERT: Yet another Java 0day
Post by: MysteryFCM on March 01, 2013, 08:27:28 pm
Don't believe so, but know the developer, so will have a word (was developed by a chap that frequented the Malwarebytes forums).