Oracle has released another batch of updates for Java
At the end of last week, the Facebook administration announced that the laptops of some of the company's employees were infected with malicious code. During the investigation of the incident, it became clear that the infection occurred through a mobile device development website that was compromised by malicious content. When visiting this site, users were redirected to a set of exploits that installed malware on computers that were vulnerable to exploits. Facebook security team notes that employees' laptops were compromised using 0day Java visibility unclosed at that time. The company emphasizes that they have no reason to believe that the attackers managed to steal any information about social network accounts or other personal information of users.
Facebook says that after the discovery of this Java 0day, they reported to Oracle about the found vulnerability and on February 1, Oracle released a patch for Java number 13, 7u13 , which covered this vulnerability as well.
')
Such attacks are called "watering hole" or, literally, "watering." In this scheme, attackers compromise a website that is visited by a large number of people. As a result, the number of users who may be vulnerable to a set of exploits, through which malicious code is delivered to vulnerable computers, is significantly expanded.
Yesterday, Reuters spread the news that some Apple employees were subject to a similar attack. Malicious code on their Macs was installed through a website that was compromised by malicious content. An exploit kit and vulnerability in a Java plugin for browsers were also used to install malware.
Some time after this statement, Apple, Oracle announced the release of the next set of fixes. This set includes fixes from the previous series of updates (from February 1, first), plus 5 new fixes. So the current java version is 7u15 .
The Java 7u15 distribution is available for download here .
be secure.
Facebook says that after the discovery of this Java 0day, they reported to Oracle about the found vulnerability and on February 1, Oracle released a patch for Java number 13, 7u13 , which covered this vulnerability as well.
')
Such attacks are called "watering hole" or, literally, "watering." In this scheme, attackers compromise a website that is visited by a large number of people. As a result, the number of users who may be vulnerable to a set of exploits, through which malicious code is delivered to vulnerable computers, is significantly expanded.
Yesterday, Reuters spread the news that some Apple employees were subject to a similar attack. Malicious code on their Macs was installed through a website that was compromised by malicious content. An exploit kit and vulnerability in a Java plugin for browsers were also used to install malware.
Some time after this statement, Apple, Oracle announced the release of the next set of fixes. This set includes fixes from the previous series of updates (from February 1, first), plus 5 new fixes. So the current java version is 7u15 .
Note: This is a Critical Patch Update for all users. Critical Patch Update for February 2013. June and October of 2014.
The Java 7u15 distribution is available for download here .
be secure.
Source: https://habr.com/ru/post/170043/
All Articles