Java zero-day security flaw exploited in the wild

Borg 386 · 14 Jul 2015

Oracle is working with Trend Micro to patch the problem. Until a fix is issued, users concerned about falling victim to the exploit should temporarily disable Java in their browser.

The Java zero-day is reportedly being exploited through drive-by downloads on the latest version of Java, version 1.8.0.45. Trend Micro says older versions, Java 1.6 and 1.7 are not affected by this zero-day exploit.

Although no details have been released on delivery -- unsurprising, considering a patch is yet to be issued -- the exploit code, TROJ_DROPPR.CXC, drops a payload called TSPY_FAKEMS.C into the login user folder.

Java zero-day security flaw exploited in the wild | ZDNet

Mystere · 14 Jul 2015

I was wondering why I suddenly got a new popup to install a new version of Java (build 51)