It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Another critical Java bug arrives Another critical Java bug arrives
FAQ Members List Calendar Search Today's Posts Mark Forums Read


Another critical Java bug arrives
Reply
 
Thread Tools
Old 27th September 2012, 08:29   #1
[M] Reviewer
 
Stefan Mileschin's Avatar
 
Join Date: May 2010
Location: Romania
Posts: 153,541
Stefan Mileschin Freshly Registered
Default Another critical Java bug arrives

Oracle is setting up the bunting for its JavaOne 2012 conference in San Francisco, just as researchers from the Polish insecurity outfit Security Explorations found another critical hole in the company's Java software.

According to Security Explorations' researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects "one billion users of Oracle Java SE software".

Gowdiak told Computerworld that the hole will have a bigger impact on Java users than any previous problem.

It affects Java 5, 6 and 7 while most of the previous problems with Java have effected its latest version 7.

The last critical security flaw that Oracle just patched was on 30 August. This one is allegedly so bad that users were advised to disable Java on their browsers if they wanted to avoid it.

In this case all the latest web browsers with the latest Java SE software will have to do the same thing.

Gowdiak said his company found 50 problems in various Java SE implementations including 17 different complete sandbox bypass exploits. It reported two issues to Apple and 17 to IBM.

Oracle have not got back to him yet on the bugs.

The bug allows attackers to violate a fundamental security constraint of a Java Virtual Machine.

He said that all you can do is disable Java Plugin in the web browser and wait for the patches from Oracle.

There are still three weeks until the scheduled Java Oct Critical Patch Update, so it might be possible that the bug will be addressed by the company on 16 Oct 2012, he said.

http://news.techeye.net/security/ano...va-bug-arrives
Stefan Mileschin is offline   Reply With Quote
Reply


Similar Threads
Thread Thread Starter Forum Replies Last Post
Second Java Zero-Day Exploit Uncovered Stefan Mileschin WebNews 0 31st August 2012 07:48
Oracle to Issue 14 Patches for Java SE Stefan Mileschin WebNews 0 11th June 2012 08:47
Run Windows XP and Ubuntu 8 in your browser with JAVA jmke WebNews 0 27th July 2011 13:45
Java-based Trojan For Mac OS X Discovered jmke WebNews 0 28th October 2010 08:34
Apple To Remove Java from Mac OS X? jmke WebNews 1 21st October 2010 17:04
Java stuff... AngeluS Hardware/Software Problems, Bugs 7 24th December 2005 02:29
Critical temp of a NB ? The_Loserkid Hardware Overclocking and Case Modding 2 22nd August 2003 23:06
Learn Java Dial_Up Hardware/Software Problems, Bugs 3 7th June 2003 14:52
java problem Vicelord- Hardware/Software Problems, Bugs 2 30th October 2002 10:05

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT +1. The time now is 04:32.


Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
SEO by vBSEO