
Oracle Java Software Update Spoofing Vulnerability


Secunia ID

SA47134

Release Date

12 Dec 2011

Criticality

Less Critical

Solution Status

Unpatched

Software

Sun Java JRE 1.6.x / 6.x

Where

From remote

Impact

Spoofing

This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.

Description

Francisco Amato has reported a vulnerability in Oracle Java, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused by the "Java Update" mechanism insecurely validating new updates and can be exploited to e.g. spoof an update via Man-in-the-Middle (MitM) attacks.

This is related to vulnerability #12 in SA32991.

The vulnerability is reported in versions 1.6.0.28 and prior.
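What "securely validating" an update means in practice, as an added example that is not Java Update's own code and not from the original advisory: the client pins the vendor's public key, checks an Ed25519 signature over a manifest, binds the downloaded payload to the manifest by hash, and refuses version rollback. The manifest format, key handling and version numbers are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is the metadata the vendor signs. The client never trusts the
// downloaded bytes themselves, only this signed description of them.
type Manifest struct {
	Version    int    // strictly increasing, so an old signed update cannot be replayed
	PayloadSHA string // hex SHA-256 of the update file
}

// bytes gives the canonical serialization that is signed and verified.
func (m Manifest) bytes() []byte {
	return []byte(fmt.Sprintf("v%d:%s", m.Version, m.PayloadSHA))
}

// SignManifest is the vendor-side step (assumed scheme, not the real Java Update protocol).
func SignManifest(priv ed25519.PrivateKey, m Manifest) []byte {
	return ed25519.Sign(priv, m.bytes())
}

// VerifyUpdate is the client-side check. A MitM on the download channel can
// replace the manifest or the payload, but cannot forge a signature under the
// pinned key, so any substitution is rejected before anything is installed.
func VerifyUpdate(pinned ed25519.PublicKey, installed int, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(pinned, m.bytes(), sig) {
		return errors.New("manifest signature invalid: refusing update")
	}
	if m.Version <= installed {
		return errors.New("update not newer than installed version: possible rollback")
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.PayloadSHA {
		return errors.New("payload hash does not match signed manifest: refusing update")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed vendor key pair for the demo
	payload := []byte("genuine update bytes") // constructed sample update
	sum := sha256.Sum256(payload)
	m := Manifest{Version: 29, PayloadSHA: hex.EncodeToString(sum[:])}
	sig := SignManifest(priv, m)
	fmt.Println("genuine:", VerifyUpdate(pub, 28, m, sig, payload))
	fmt.Println("swapped:", VerifyUpdate(pub, 28, m, sig, []byte("substituted bytes")))
}
```

The download channel itself should still be TLS with certificate validation; the signed manifest is what protects the install step when that channel is compromised.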

Solution

Do not use the "Java Update" utility.

Reported by

Francisco Amato, Infobyte Security Research.

Original Advisory

Infobyte Security Research:
http://blog.infobytesec.com/2011/12/pwning-java-update-process-2007-today.html