Oracle Addresses DLL Hijacking Issue Affecting iTunes, Chrome, Firefox, Adobe Reader and Others

We recently reported on how Oracle is set to kill off the Java Web Browser plugin, which has borne the brunt of countless malware attacks through its relatively insecure platform over the internet. Even after the announcement of Java entering into its last days, there has been an onslaught of DLL hijacking issues plaguing popular applications, such as Google Chrome, Firefox, OpenOffice, iTunes and Adobe Reader.

A DLL, or Dynamic Link Library, is a well-known structure in the Windows operating system that combines small programs that run in the background. For nearly as long as DLL files have been around, hackers and cybercrooks have exploited them, so many times that we cannot give an accurate count. Regardless of how many times DLL files have been leveraged for spreading malware or exploiting a system vulnerability, Oracle has had to backtrack to fix a well-known security issue that is affecting several applications in a way that allows malware authors to hijack them.

In the security issue tracked as CVE-2016-0603, Oracle has addressed and fixed a severe DLL hijacking issue affecting many applications, in which a vulnerability allows attackers to fool end users into double-clicking and executing the attackers' own malicious binary. What this means is that those directly affected by the vulnerability, with applications ranging from Google Chrome to Adobe Reader, may automatically infect their system with malware by opening up one of the affected programs.

The attack method for the discovered vulnerability is rather old. It's so old that most of the software vendors who had a product adversely affected by the issue already know about it and may have been sufficiently armed to deal with it on their own. However, in the light of how Oracle's Java installer is seeing its last days, the latest CVE-2016-0603 vulnerability doesn't come as a surprise to most.

In promptly addressing the issue and applying the proper security patch, Oracle has averted a backlash from many of the tens of applications affected by the DLL hijacking problem. By acting on the report that first brought the DLL hijacking issue to light, released by German security researcher Stefan Kanthak, Oracle has gained some proverbial brownie points with a large number in the tech community. Many of the grateful individuals will be those who oversee potentially affected products like iTunes, Adobe Reader, Google Chrome, OpenOffice, VLC media, TrueCrypt, Firefox and Python.

There have been other similar cases, such as when Oracle addressed the CVE-2016-0602 issue in its VirtualBox VM installer, which was rolled out with an earlier Java SE installer update just last month.

As Oracle's Java sees its last days being numbered, we expect there to be many unforeseen issues arising out of Java. Already, the countless bugs over many years have been enough to keep the tech community on their heels, no matter how secure a product that utilizes Java in some form claims to be. On the flip side of things, it's great to see folks like Mr. Kanthak come forward with their findings to address security issues that may potentially cause issues for a large population.
