Qualys VMDR team is going to extend support for Oracle Java discovery. With the latest modifications, we are enhancing our ability to detect Oracle Java instances on macOS.
In December 2020, we added enhanced discovery for Oracle Java instances actively running and used during network scanner or agent scans on Unix/Linux operating systems.
Finding Oracle Java instances deployed in non-standard locations is one of the significant problems security teams face. With the enhanced functionality, we are expanding the coverage by identifying Oracle Java installations using a more extensive method, utilizing data acquired from active processes and commands that help us discover more inclusively.
The discovery relies on the commands mentioned below:
- locate ‘java’ | grep ‘/java$’
- mdfind -name ‘java’ | grep ‘java$’
The commands are used to find custom-installed Java paths. After confirming the installation is an Oracle Java instance, we extract the base version using the signature.
Starting with the January 2023 Oracle Patch Tuesday, i.e., January 17, 2023, we will add Oracle Java detections for quarterly Oracle critical patch updates for macOS. Additionally, IG QID 48157 will also be updated on January 17, 2023, to support macOS. The IG QID 48157 helps customers identify Oracle Java instances on macOS and other supported Linux OS.