search menu icon-carat-right cmu-wordmark

Anatomy of Another Java Zero-Day Exploit

In this video, David Svoboda demonstrates a public exploit that attacked an unpatched Java Virtual Machine.




Java was recently hit by several major exploits. They were written in pure Java and relied on several obscure components of the Java library. Understanding how exploits undermine Java security is a fundamental step in understanding and improving Java security and producing secure Java code. Consequently, this session demonstrates and examines a public exploit. It dissects the code of the exploit and illustrates how the exploit managed to attack an unpatched Java Virtual Machine, focusing on the techniques the exploit used, with references to relevant guidelines from The CERT Oracle Secure Coding Standard for Java. The session concludes with explaining how Java was patched to defeat the exploit.