Jump to content



Photo

Yet another Java zero day...


  • Please log in to reply
5 replies to this topic

#1 Dot Matrix

Dot Matrix

    Way past cool.

  • 9,400 posts
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 16 January 2013 - 15:15

One day after patching a massive zero day exploit, Oracle once again finds themselves in a hole with a new zero day exploit found in Java.

On Monday, a hacker posted a message he was selling a new zero day kit to lucky buyers - for $5,000 each.


“New Java 0day, selling to 2 people, 5k$ per person
And you thought Java had epically failed when the last 0day came out. I lol’d. The best part is even-though java has failed once again and let users get compromised… guess what? I think you know what I’m going to say… there is yet another vulnerability in the latest version of java 7. I will not go into any details except with seriously interested buyers.
Code will be sold twice (it has been sold once already). It is not present in any known exploit pack including that very private version of [Blackhole] going for 10$k/month. I will accepting counter bids if you wish to outbid the competition. What you get? Unencrypted source files to the exploit (so you can have recrypted as necessary, I would warn you to be cautious who you allow to encrypt… they might try to steal a copy) Encrypted, weaponized version, simply modify the url in the php page that calls up the jar to your own executable url and you are set. You may pm me.



Oh, dear...


#2 +Brando212

Brando212

    Causer of disasters

  • 6,216 posts
  • Joined: 15-April 10
  • Location: right behind you
  • OS: OS X Mavricks, Windows 7/8.1 Pro
  • Phone: Sony Xperia ZL

Posted 16 January 2013 - 17:05

somehow not surprised

oracle needs to sit down a bunch of white collar hackers and have them crunch away for awhile

#3 Growled

Growled

    Neowinian Senior

  • 41,508 posts
  • Joined: 17-December 08
  • Location: USA

Posted 17 January 2013 - 01:52

Java is a disaster waiting to happen.

#4 siah1214

siah1214

    Neowinian Senior

  • 1,975 posts
  • Joined: 09-April 12

Posted 17 January 2013 - 01:57

Java is a disaster.

Fixed that for ya ;)

#5 Lord Method Man

Lord Method Man

    Neowinian Senior

  • 3,274 posts
  • Joined: 18-September 12
  • OS: Windows 8.1 Pro
  • Phone: Nokia Lumia 520

Posted 17 January 2013 - 01:59

Ah Java...

#6 Enron

Enron

    Windows for Workgroups

  • 7,860 posts
  • Joined: 30-May 11
  • OS: Windows 8.1 U1
  • Phone: Nokia Lumia 900

Posted 17 January 2013 - 02:01

Java is a disaster waiting to happen.


The disaster has been happening for a while already.



Click here to login or here to register to remove this ad, it's free!