New unpatched vulnerabilities uncovered in Flash, Java

Watch where you point those web browsers: Oracle's Java and Adobe's Flash are both subjects of new zero-day vulnerabilities. As Ars Technica reports, a hole in Java and two more Flash weaknesses have been unearthed as part of the Hacking Team data leak.

The Java hole may be the most troublesome. Anti-virus maker Trend Micro warns on its corporate blog that it has detected email messages exploiting the vulnerability addressed to both a NATO member and a US defense contractor. Trend Micro also notes that this marks the first zero-day attack against Java since 2013, and advises disabling Java until the security issue is patched by Oracle.

Ars also details two Flash vulnerabilities, which are unrelated to another Flash problem patched last Wednesday. These security holes are present in the current version of Flash on Windows, Mac, and Linux systems. At present, there's apparently no known attack that exploits these holes, but users should be cautious regardless. Adobe has published a security bulletin and plans to update the plugin this week.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.