Number: IRCNE2015072570
Date: 2015/07/15
According to “zdnet”, a new Java-based zero-day vulnerability is reported to be in use by a sophisticated APT group.
The Java zero-day is reportedly being exploited through drive-by downloads on the latest version of Java, version 1.8.0.45. Trend Micro says older versions, Java 1.6 and 1.7 are not affected by this zero-day exploit.
On Monday, Symantec said in a blog post that the antivirus vendor was researching reports that the zero-day vulnerability was active in the wild and being exploited. Symantec regards the vulnerability as "critical," considering the software is widely used by consumers internationally.
Oracle is working with Trend Micro to patch the problem. Until a fix is issued, users concerned about falling victim to the exploit should temporarily disable Java in their browser.
- 12