Java Malicious App Alert System TrickedJava Malicious App Alert System Tricked
Developer hacks Java security warnings to display fake app names; Oracle reportedly prepping a fix
August 29, 2013

Attackers can spoof information relayed by the Java 7 malicious app warning system. So says programmer Jerry Jongerius, who has released a "Java Code Signing Failure" alert detailing how app names displayed by Java security dialog boxes can be arbitrarily changed.
Java first unveiled its malicious app warning system in April -- to mixed reviews -- with the release of Java 7 update 21. The system is designed to warn users not to execute any Java app that hasn't been signed with a digital certificate. For signed apps, the warning system asks users if they want to proceed, and relays information to help them make their decision, including the name of the signed app, source and publisher.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023