A comparison of code found in BlackHole and code published earlier as a proof-of-concept exploit.
So far, all of the exploits reported to be in the wild attack Windows PCs, but according to Errata Security CTO David Maynor, it's not hard exploit Mac and Linux machines that have the latest version of Java from Oracle installed. Neither platform has it installed by default, however. The vulnerability has nothing to do with JavaScript.
On Monday night, about 24 hours after the vulnerability became public, attack code exploiting it was added to BlackHole, an exploit kit sold in underground forums, security researchers said. A quick inspection of the BlackHole attack by antivirus provider F-Secure found it used many of the same coding conventions contained in a proof-of-concept exploit published earlier by security researcher Joshua Drake. It also added to the Metasploit exploit framework used by penetration testers and hackers.
Read 5 remaining paragraphs | Comments
DIGITAL JUICE
No comments:
Post a Comment
Thank's!