Programmer DD

Apr 22, 2022 · Information Security

Java ECDSA Bug Lets Attackers Forge SSL Certificates – What You Must Do

Oracle’s recent security update patches a critical Java vulnerability (CVE‑2022‑21449) that lets attackers forge SSL certificates, bypass two‑factor authentication, and create fraudulent digital signatures by exploiting a flaw in the ECDSA implementation of Java 15‑18, a bug rated as a crypto‑bug of the year.