Oracle’s Java SE Critical Patch Update for April 2013 contains 19 CVEs with CVSS base score of 10 (the highest you can go) indicating that exploiting the vulnerability is not particularly challenging and could give complete control of compromised systems.
Making good on their promise, Security Exploration has published technical details about a Java issue that they consider to be a security vulnerability, but Oracle has categorized as demonstrating "allowed behavior".
Researchers from Kaspersky and CrySyS Lab continue to analyze the MiniDuke backdoor and have discovered two previously unknown infection mechanisms.
A signed but malicious applet that will apparently fool even the latest Java 6 update has been discovered on a German online dictionary website infected by the g01pack exploit kit, warns security researcher and Metasploit contributor Eric Romang.
Oracle has released an out-of-band Java patch to fix the CVE-2013-1493 vulnerability that is currently being exploited in attacks in the wild.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.