The vulnerability is in Java Version 8 Update 45. Attackers use an Exploit for the vulnerability for attacks against a member of NATO and the US military. Java 6 and 7 should not be affected.
Trend Micro has discovered a Zero-Day vulnerability in Oracle Java. The has shown a further analysis of the Malware campaign, Pawn Storm. Therefore, it is the first Zero-Day vulnerability in the runtime environment for almost two years. Is affected only the current Java Version 8 Update 45.
From the Blog of the security company’s, the attackers use an Exploit for the Java-gap, in order to attack the army of a NATO state, as well as a US defense organization. The Smart Protection Network the Trend Micro have discovered in E-Mails, dangerous URLs. This direct users to a Website hosting the Exploit.
Cyber criminals can exploit the vulnerability to malicious code to inject and execute. Then, you can compromise the safety of the affected system. In the case of the attacks of the backers of Pawn Storm on NATO members, as well as the White house in April of this year, the Java was not come-gap, however, is still used.
Trend Micro has set the Oracle about the vulnerability already in the knowledge. Oracle advises Java-users to disable the runtime environment in their browsers.
Oracle already announced at the end of last week, a Java Update. It is tomorrow to be in the course of the day, in the context of the July patch day spread. Oracle provides security updates on a schedule, only on a quarterly basis in January, April, July and October.
If the Java Update that contains a Fix for the Zero-Day vulnerability is not known. Notice that stuck in Oracle products, such as Java, database, Fusion Middleware, Enterprise Manager, and MySQL probabilities, a total of 193-prone.
[mit Material von Stefan Beiersmann, ZDNet.de]
Tip: Do you know the history of computer viruses? Check your Knowledge – with 15 questions on silicon.de