Another Java Zero-Day Vulnerability Hits Black Market
Source: InformationWeek
Just 24 hours after Oracle patched two critical flaws in Java, online vulnerability vendor starts selling never-seen Java bug.
Mathew J. Schwartz | January 16, 2013 12:06 PM
Call it malware cash and carry: Less than 24 hours after Oracle Sunday released a security update that addresses two critical zero-day vulnerabilities in Java that are being actively exploited by attackers, an online vulnerability seller began offering a brand-new Java bug for sale.
"On Monday, an administrator of an exclusive cybercrime forum posted a message saying he was selling a new Java 0day to a lucky two buyers. The cost: starting at $5,000 each," said security reporter Brian Krebs, who was the first to report the vulnerability sales offer.
What does a starting price of $5,000 buy? "The hacker forum admin's message ... promised weaponized and source code versions of the exploit. This seller also said his Java 0day -- in the latest version of Java (Java 7 Update 11) -- was not yet part of any exploit kits," said Krebs.
-snip-
Read more:
http://www.informationweek.com/security/attacks/another-java-zero-day-vulnerability-hits/240146416