New
#1
Java zero-day security flaw exploited in the wild
Oracle is working with Trend Micro to patch the problem. Until a fix is issued, users concerned about falling victim to the exploit should temporarily disable Java in their browser.The Java zero-day is reportedly being exploited through drive-by downloads on the latest version of Java, version 1.8.0.45. Trend Micro says older versions, Java 1.6 and 1.7 are not affected by this zero-day exploit.Java zero-day security flaw exploited in the wild | ZDNetAlthough no details have been released on delivery -- unsurprising, considering a patch is yet to be issued -- the exploit code, TROJ_DROPPR.CXC, drops a payload called TSPY_FAKEMS.C into the login user folder.