Java Malicious App Alert System Tricked
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix
Attackers can spoof information relayed by the Java 7 malicious app warning system. So says programmer Jerry Jongerius, who has released a "Java Code Signing Failure" alert detailing how app names displayed by Java security dialog boxes can be arbitrarily changed.
Java first unveiled its malicious app warning system in April -- to mixed reviews -- with the release of Java 7 update 21. The system is designed to warn users not to execute any Java app that hasn't been signed with a digital certificate. For signed apps, the warning system asks users if they want to proceed, and relays information to help them make their decision, including the name of the signed app, source and publisher.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author
You May Also Like
Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024