Java Malicious App Alert System Tricked
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix
Attackers can spoof information relayed by the Java 7 malicious app warning system. So says programmer Jerry Jongerius, who has released a "Java Code Signing Failure" alert detailing how app names displayed by Java security dialog boxes can be arbitrarily changed.
Java first unveiled its malicious app warning system in April -- to mixed reviews -- with the release of Java 7 update 21. The system is designed to warn users not to execute any Java app that hasn't been signed with a digital certificate. For signed apps, the warning system asks users if they want to proceed, and relays information to help them make their decision, including the name of the signed app, source and publisher.