This is getting old: New zero-day vulnerabilities found in latest versions of Java, including Java 7 Update 15


Still have Java installed on your computer or enabled in your browser? Then you should know new vulnerabilities have been discovered in the latest versions of Java. Again.

The latest version of Java is currently Java 7 Update 15, which includes the most recent patch Oracle issued on February 19. According to Security Explorations, a Poland-based security company that has been discovering Java vulnerabilities faster than Oracle can patch them, Java 7 Update 15 has two previously undiscovered vulnerabilities that, once combined and exploited, allow scumbags to bypass Java’s security sandbox and take control of and/or infect computers.

These two vulnerabilities, identified as Issue 54 and Issue 55, affect not only the latest version but all of Java 7. However, they don’t appear to affect earlier versions of Java. It is unknown if these vulnerabilities are Windows-only or affect Mac OS X and Linux, too.

The next regular Java update by Oracle that could potentially fix these issues is scheduled for April 16. So unless Oracle issues another irregular patch (which will only happen if these vulnerabilities are discovered in in-the-wild attacks), these vulnerabilities are going to stay unpatched for over a month. This is particularly worrisome considering that recent hacks of major corporations, e.g. Facebook, Apple, and Microsoft, were conducted by exploiting Java.

If you still have Java installed/enabled, this may be a good time to either uninstall Java completely or at least disable it in your browser.

[via Softpedia, Security Explorations, image via Justin Kraemer]
