YAJZE: Yet another Java Zero-Day Exploit

Unfortunately, it is really the case to say that Java has “yet another zero-day exploit”.

The latest version of Java, v7 Update 10 is affected and currently there is no plan for a patch. The vulnerability which is already used in online attacks is a code injection onto a fully patched Windows system running the affected Java version. It is not known yet if other versions of Java are affected. In order to get affected, somebody has to visit a website running the exploit applet which performs the code injection.

If in the meantime you re-activated the Java plugin in your  browser since the last zero-day exploit at the end of August 2012, here is how to deactivate it again:

All Avira products detect such exploits under the names: EXP/Java.AL, EXP/Java.AM, EXP/Java.AN, EXP/Java.AO, EXP/CVE-2013-0422.A, EXP/CVE-2013-0422.B, EXP/CVE-2013-0422.C

 

Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/01/11/yajze-yet-another-java-zero-day-exploit/en/


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

One thought on “YAJZE: Yet another Java Zero-Day Exploit

Comments are closed.