New vulnerabilities in the Oracle’s Java Runtime Environment (JRE) have been recently discovered in the wild (first vulnerability originally reported by Fireeye, the second described by Esteban Guillardoy). The vulnerabilities targets newest version of JRE (1.7) and even with the latest update (JRE 1.7 update 6) your machine is in danger and easily exploitable. According to the Oracle’s patching cycle the patch is out of sight. So scary and Java again! But it is even worse!

The most successful exploit kit has quickly adopted these bugs which was predicted by the Brian Krebs earlier. So, all the current Blackhole campaigns  use these exploits in order to infect victims. In addition, the exploitation is confirmed to work using Internet Explorer, Firefox, Opera, Google Chrome and also Safari on multiple platforms including Windows, Linux and MacOS.

Do you really think this can’t be worse? Oracle knew about these (and also other) vulnerabilities since April according to the Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.

Read more…