Monday, May 16, 2022

Java Zero-Day Exploit Selling for 10k+

KrebsOnSecurity reports that a Java zero-day is being sold on an underground forum for tens of thousands of dollars, though he didn’t list a specific price.

The exploit, presently being sold by a member of an invite-only forum, targets a vulnerability in Java JRE 7 Update 9, the latest version of Java. The seller claims this flaw does not exist in Java 6 or earlier versions. According to the seller, the weakness resides within the Java class “MidiDevice.Info,” a component of Java that handles audio input and output. “Code execution is very reliable, worked on all 7 version I tested with Firefox and MSIE on Windows 7,” the seller explained in a sales thread on his exploit.

Why are Java exploits so valuable? Oracle claims that some 3 billion devices run Java, including phones, Macs, PCs, and Linux operating systems.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
