April 15, 2010

Java users attacked via popular website

A particularly nasty security hole, says security expert.

Despite the warnings, Oracle has reportedly not said it is willing to bring forward a security patch that eliminates the vulnerability.
Yesterday, Roger Thompson, research director at the security company AVG, was among those reporting that the vulnerability is being actively exploited on a popular site for downloading song lyrics. According to CNet News, the site in question is Songlyrics.com.

Attack code had reportedly been planted on the website, exploiting both the Java vulnerability and a vulnerability in Adobe Reader. The attacks were reportedly successful against users of Internet Explorer and Firefox, but Thompson did not experience the same with Google Chrome.

- The code involved is really simple, and that makes it easy to copy. So it's not surprising that after just five days we detect attack code on a server in Russia, writes Thompson.
- This vulnerability is particularly nasty because it is a logical error, or a design error, and not the typical buffer overflow flaw, says Marc Maiffret, security architect manager at FireEye, to CNet News.
- It means that the attack code is more reliable and works across multiple browsers.