Critical Java updates fix 19 vulnerabilities, disable SSL 3.0

By News | January 21, 2015 | September 5th, 2017

Oracle released new security updates for Java to fix 19 vulnerabilities and disable default support for SSL 3.0, an outdated version of the secure communications protocol that is vulnerable to attacks.

“The threats associated with sandbox bypass vulnerabilities in this CPU [Oracle Critical Patch Update] range from reading and writing local data to complete ‘operating system takeover including arbitrary code execution’,” said John Matthew Holt, the CTO of Java application security firm Waratek, via email. “Complete OS takeover vulnerabilities are the worst possible kind because attackers can use these vulnerabilities to not just steal sensitive or confidential data, but to install malware, steal passwords, assume a user’s identity, delete files, and use the compromised machine as a pivot point to launch deeper attacks to other lateral machines within the same local area network.”

The number of attacks that exploit Java vulnerabilities to install malware on computers has been on a steady decline over the past year, but Java exploits remain one of the top attack vectors against Web users, according to a report released Tuesday by Cisco Systems.
