 | Java: Same Old Same Old more security-holes in java 7.15:
»news.softpedia.com/news/Zero-Day···57.shtml
Adam Gowdiak, the CEO of Security Explorations, has told Softpedia that they've uncovered two security issues, which they've dubbed issue 54 and issue 55.
When combined, the flaws can be leveraged to achieve a complete bypass of the Java security sandbox.
Oracle has been provided with the details of the newly uncovered bugs, but so far, it has only confirmed receiving the information. Most likely, the company will confirm the existence of the flaws in the upcoming days.
Both new issues are specific to Java SE 7 only. They allow to abuse the Reflection API in a particularly interesting way, Gowdiak noted. Without going into further details, everything indicates that the ball is in Oracle's court. Again.
The experts have tested their findings against the initial release of Java SE 7, Java SE 7 Update 11, and Java SE 7 Update 15, which is the version released a few days ago.
Oracle released its February Critical Patch Update (CPU) ahead of schedule. The CPU released on February 1 addressed a total of 50 Java vulnerabilities.
However, the company released an updated CPU on February 19 to fix an additional 5 security issues.
The next CPU is scheduled for April 16, but if experts discover that issue 54 and issue 55 are exploited in the wild, Oracle could release another out-of-band patch.
In the meantime, experts keep advising users to disable Java if they don't need it for their everyday tasks. The new advisories come in light of the recent breaches reported by Facebook, Apple and Microsoft.
In all of these incidents, it's believed that cybercriminals have leveraged a Java vulnerability to distribute malware onto the organizations' computers. |
|
 DustynPremium join:2003-02-26 Ontario, CAN kudos:10 | Wait... there's something wrong with my cup of Java....? Again!? |
|
|
|
 StuartMWWho Is John Galt?Premium join:2000-08-06 Galt's Gulch kudos:2 | I'm a (hot) tea drinker myself  |
|
 | reply to redwolfe_98 Patching Java seems a lot like patching up a busted balloon now.
....or putting a dropped coffee cup back together with superglue.  |
|
 | reply to redwolfe_98 said by redwolfe_98: "In the meantime, experts keep advising users to disable Java if they don't need it for their everyday tasks."
Well, I do need it, so I find that "expert advice" somewhat specious, even annoying. Java's the current whipping boy, but a whole lot of programs have vulnerabilities. That's why we layer security - and install patches. Including patches to Facebook, Apple, and Microsoft. |
|
 LinklistPremium join:2002-03-03 Longport, NJ kudos:5 | reply to Dustyn said by Dustyn: "Wait... there's something wrong with my cup of Java....? Again!?"
Java needs a new avatar. Perhaps Humpty Dumpty.
-- I will be perfectly happy if the budget cuts specified in the Budget Control Act go into effect. 3 cheers for the sequester. Take the money from the drunken federal spenders. |
|
 joakoPremium join:2000-09-07 /dev/null kudos:5 | reply to redwolfe_98 My firewall starts blocking sites when a new version of Java is released. Is there any way to get email alerts? -- PRescott7-2097 |
|
 jaykaykay4 Ever YoungPremium,MVM join:2000-04-13 Scottsdale, AZ kudos:22 | reply to Raphion said by Raphion: "Patching Java seems a lot like patching up a busted balloon now.
....or putting a dropped coffee cup back together with superglue."
The superglue works. Java doesn't. |
|
 Stumbles join:2002-12-17 Port Saint Lucie, FL
| reply to Raphion Reminds me of a Spongebob episode where he and Patrick "steal" a balloon not knowing it was free balloon day to play with only it pops. Realizing they can't take the "borrowed" balloon back they quickly pick up the pieces and in cartoon physics reassemble it; only for it to pop again. |
|
 joakoPremium join:2000-09-07 /dev/null kudos:5 | reply to redwolfe_98 So I was helping someone with their ADP and Java pops up a "your Java is vulnerable, why don't you upgrade instead?" message. I upgrade Java and it turns out ADP requires Java 6.
Great! -- PRescott7-2097 |
|
 siljalineI'm lovin' that double widePremium join:2002-10-12 Montreal, QC kudos:17
| reply to redwolfe_98 Another Java zero-day exploit in the wild actively attacking targets • Article
Oracle investigating after two more Java 7 zero-day flaws found • Article |
|
 siljalineI'm lovin' that double widePremium join:2002-10-12 Montreal, QC kudos:17 | reply to redwolfe_98 Also see: Criticism of Java |
|
 redxiiPremium,Mod join:2001-02-26 Sherwood, MI Host: Suddenlink ISDN Fiber Optic Broadband Tweaks /dev/null
| reply to redwolfe_98 said by redwolfe_98: "In the meantime, experts keep advising users to disable Java if they don't need it for their everyday tasks."
I stopped using/installing Java years ago. -- Moe, I need your advice
See I've got this friend named Joey Joe-Joe... Junior... Shabadoo.. |
|
 | reply to redwolfe_98 I've switched from Java to Beer. I'm much happier now.  |
|