DHS Warns About Java; Red October Connection?

A few days ago, the U.S. Department of Homeland Security issued a warning to temporarily disable Java on your computers, warning of:

A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system.

Now this morning we have this from ARS Technica: Red October relied on Java exploit to infect PCs

Attackers behind a massive espionage malware campaign that went undetected for five years relied in part on a vulnerability in the widely deployed Java software framework to ensnare their victims, a security researcher said.


Oracle developers patched the bug in October, 2011, the malicious Java archive file was compiled the following February.

Be warned.

Leave a Reply