| Home : March 14 2013 Computer News : Researchers: Java's security problems unlikely to be resolved soon |
|
Researchers: Java's security problems unlikely to be resolved soon |
March 14, 2013
Since the start of the year, hackers have been exploiting vulnerabilities in Java to carry out a string of attacks against companies including Microsoft, Apple, Facebook and Twitter, as well as home users. Oracle has made an effort to respond faster to the threats and to strengthen its Java software, but security experts say the attacks are unlikely to let up any time soon.
Just this week, security researchers said the hackers behind the recently uncovered MiniDuke cyberespionage campaign used Web-based exploits for Java and Internet Explorer 8, along with an Adobe Reader exploit, to compromise their targets. Last month, the MiniDuke malware infected 59 computers belonging to government organizations, research institutes, think tanks and private companies from 23 countries.
The Java exploit used by MiniDuke targeted a vulnerability that hadn’t been patched by Oracle at the time of the attacks, Kaspersky Lab said in a blog post. Vulnerabilities that are made public or exploited before a patch is released are known as zero-day vulnerabilities, several of which have been used in the attacks against Java this year.
In February, software engineers from Microsoft, Apple, Facebook and Twitter had their work laptops infected with malware after visiting a community website for iOS developers that had been rigged with a Java zero-day exploit. The breaches were the result of a larger “watering hole” attack launched from multiple websites that also affected government agencies and companies in other industries, The Security Ledger reported.
To read this article in full or to leave a comment, please click here
Link: http://www.pcworld.com/article/2030778/researchers-javas-security-problems-unlikely-to-be-resolved-soon.html#tk.rss_all
|
|
|
|
|
