Java zero-day exploit hits the web

A new browser-based exploit for a Java vulnerability that allows attackers to execute arbitrary code on client systems has been spotted in the wild – and because of Oracle's Java patch schedule, it may be some time before a fix becomes widely available.

Atif Mushtaq of security firm FireEye reported that the vulnerability is present in the Java Runtime Environment (JRE) version 1.7 or later, while PCs with Java versions 1.6 or earlier installed are not at risk.

"Unlike other exploits, which, when they run, crash your browser and give you a feeling that something is wrong, this attack really works silently," Mushtaq said on August 27. "Every big platform is really being targeted right now."

Although the exploits now circulating in the wild have been aimed only at Windows users, it's possible that Macs could also be targeted.

"What is more worrisome is the potential for this to be used by other malware developers in the near future," said Intego, a Mac-specific antivirus vendor, in a post to its own blog Monday. "Java applets have been part of the installation process for almost every malware attack on OS X this year."

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules