Events

Oracle Critical Patch Update October 2011

Overshadowed by the Duqu madness yesterday, Oracle released a slew of critical updates (please see “Related Links” in the right column of this page). Most interesting, but perhaps with little impact, is the Java SE BEAST update. Oracle claims to have pushed 57 different fixes across their product lines, including patches for Java and their virtualization Sun Ray product. But the hottest thing to talk about, of course, is the patch closing up CVE-2011-3389, or holes in the JSSE.

The BEAST researchers’ demo at Ekoparty Argentina that we posted on last month developed a fresh exploit to crack SSL/TLS sessions with a technique described almost a decade ago. The trick is always in the implementation, not the discussion, so it was impressive work that left the major software vendors with some heavy work. That list of vendors included Oracle, because the exploit developed for the demo abused vulnerabilities in Java code (the researchers claimed that vulnerabilities exist in Microsoft’s Silverlight and Javascript code too, they just didn’t deliver the exploit in those forms. Unfortunately, Silverlight BEAST exploit code is publicly available). The exploit almost turned into more of a disaster when Mozilla considered blocking all Java add-on use from their browsers: “We are currently evaluating the feasibility of disabling Java universally in Firefox installs and will update this post if we do so.” So, it is somewhat surprising that Oracle rated this fix low within their risk matrix with a “Base Score” of 4.3 (on a scale of 1-10, with 10 being the most risk).

Meanwhile, Oracle gives six different Java patches a base score on their risk matrix of “10”, with four of those highest risk level patches impacting the recently released Java 7. They impact logic within the JRE itself, AWT, Deserialization, and Scripting components within the JRE.

I’ve seen Oracle’s virtualization product “Sun Ray” adopted in a variety of corporate cloud situations, and cloud admin should be aware that the platform is impacted with a fix for CVE-2011-3538 and related authentication issues.

Oracle Critical Patch Update October 2011

Your email address will not be published. Required fields are marked *

 

Reports

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox