New Java Zero-Day Vulnerability Affects 1.1 Billion Computers

By Palo Alto Networks | September 27, 2012

A new Java Zero-Day vulnerability was discovered by Security Explorations. Adam Gowdiak of Security Explorations says they have successfully exploited the vulnerability to achieve a complete Java sandbox bypass. The latest versions of Java SE were all confirmed to be vulnerable:

  • Java SE 5 Update 22
  • Java SE 6 Update 35
  • Java SE 7 Update 7

According to Oracle, Java has 1.1 billion users around the world. Unfortunately, the vulnerability is exploitable on the latest versions of all major browsers:

  • Firefox 15.0.1
  • Google Chrome 21.0.1180.89
  • Internet Explorer 9.0.8112.16421 (update 9.0.10)
  • Opera 12.02 (build 1578)
  • Safari 5.1.7 (7534.57.2)

This vulnerability comes immediately after a critical Java vulnerability was found and exploited in the wild. Currently, there is no known in-the-wild exploitation of this new vulnerability. The vendor has been notified.

Cyvera TRAPS is able to stop Zero-Day exploits before the machine on which it is installed reaches a state of compromise.