YAJZE: Yet another Java Zero-Day Exploit

Unfortunately, it is really the case to say that Java has “yet another zero-day exploit”.

The latest version of Java, v7 Update 10 is affected and currently there is no plan for a patch. The vulnerability which is already used in online attacks is a code injection onto a fully patched Windows system running the affected Java version. It is not known yet if other versions of Java are affected. In order to get affected, somebody has to visit a website running the exploit applet which performs the code injection.

If in the meantime you re-activated the Java plugin in your  browser since the last zero-day exploit at the end of August 2012, here is how to deactivate it again:

All Avira products detect such exploits under the names: EXP/Java.AL, EXP/Java.AM, EXP/Java.AN, EXP/Java.AO, EXP/CVE-2013-0422.A, EXP/CVE-2013-0422.B, EXP/CVE-2013-0422.C


Sorin Mustaca

IT Security Expert

via Avira – TechBlog http://techblog.avira.com/2013/01/11/yajze-yet-another-java-zero-day-exploit/en/

© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

Comments are closed.

%d bloggers like this: