The Oracle May Foresee a Storm in a Coffee Cup

Let’s wake up and smell the coffee.

There have been several security write-upsabout the recent 0-day java vulnerability CVE-2012-4681. Oracle itself only issued a bulletinrecently, but the vulnerability has been right royally exploited in the wild by cyber criminals in Russia and China (well, no surprises there).

 

It has been a turbulent week or so, with the same exploit code first being used in a targeted attack, and later being commercially incorporated in bog standard exploit kits. Indeed, a fair amount of bad news.

Fortunately, Oracle has now provided the security update to patch the vulnerability. We recommend applying this ASAP if you are running java. Note, however, that K7′s Carnivore technology was already blocking attempts to exploit CVE-2012-4681, right from day zero. Further more, many of the known bad URLs were already blocked by K7′s SiteBlocker, generics playing a part. Finally, the exploit JARs and the associated binaries have been tackled in a proactive fashion. This means the K7 fortress around the user has kept things safe and secure.

 

Samir Mody
Senior Manager, K7TCL

Tags: , , , , , , , ,

About k7press

Antivirus Vendor - distributor for United Kingdom and Republic of Ireland

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s