It seems Oracle's troubles have not let up since the 0-day exploit was reported nearly a month ago. After a couple of updates meant to stop the exploit, it has been found that the update itself is as vulnerable as the original issue it was supposed to stop.
However, it may please Oracle's top honchos to note that Security Explorations has said that the vulnerabilities need to be linked together to bypass Java's security checks, and that, to the company's knowledge, this particular set isn't yet being used by attackers.
This follows news from last week, first reported by another security firm, FireEye, that at least three 0-day vulnerabilities were found in the company's software, and that at least one is actively being exploited. The term "0-day" or "zero-day" refers to a security hole that has not been publicly disclosed yet, and so doesn't have a patch available.
Since then it has been confirmed that at least one exploit out of a total of 8 may have been exploited in the 'wild'. So there is every possibility that some major dot-com may report another round of hacking. Evernote reported yesterday that its data was accessed and that it had reset the passwords of all its users across the board. It said that its data was not compromised, but to be on the safer side it reset all the passwords. As of now, the Evernote mishap has not been linked to Java in any way.
We will have to see how much longer the Java saga continues. Until then, please disable Java on your PC to be on the safer side. If you have not done so already, please visit this page to learn how. Further, feel free to read almost 4 articles on this subject.
Vijay Prabhu