Serious Java vulnerability lets hackers masquerade as anyone they please

0
16



Oracle has patched a nasty vulnerability in the Java framework, the severity of which cannot be overstated, security experts say.

Tracked as CVE-2022-21449, the flaw was found in the company’s Elliptic Curve Digital Signature Algorithm (ECDSA) for Java 15 and newer. It allows threat actors to fake TSL certificates and signatures, two-factor authentication codes, authorization credentials and the like.



Source link