Oracle slams door on Russian cyberspies who hacked Nato PCs through Java
Oracle has fixed a vulnerability in Java that a Russian cyberespionage group used to launch stealthy attacks earlier this year.
At the same time, Oracle fixed 153 other security flaws in Java and a wide range of its other products, it said Tuesday.
The Java vulnerability can be used to bypass the user confirmation requirement before a Web-based Java application is executed by the Java browser plug-in. This type of protection mechanism is commonly referred to as click-to-play.
The flaw was reported to Oracle by security researchers from Trend Micro, who first spotted the vulnerability in July in attacks launched by a Russian hacker group dubbed Pawn Storm that commonly targets military and governmental institutions from NATO member countries.