
redwolfe_98
Premium
join:2001-06-11
kudos:1
Reviews:
·Time Warner Cable

1 recommendation

Java: Same Old Same Old

More security holes in Java 7.15:

»news.softpedia.com/news/Zero-Day···57.shtml

Adam Gowdiak, the CEO of Security Explorations, has told Softpedia that they’ve uncovered two security issues, which they’ve dubbed “issue 54” and “issue 55.”

When combined, the flaws can be leveraged to achieve a complete bypass of the Java security sandbox.

Oracle has been provided with the details of the newly uncovered bugs, but so far, it has only confirmed receiving the information. Most likely, the company will confirm the existence of the flaws in the upcoming days.

“Both new issues are specific to Java SE 7 only. They allow to abuse the Reflection API in a particularly interesting way,” Gowdiak noted. “Without going into further details, everything indicates that the ball is in Oracle's court. Again.”

The experts have tested their findings against the initial release of Java SE 7, Java SE 7 Update 11, and Java SE 7 Update 15, which is the version released a few days ago.

Oracle released its February Critical Patch Update (CPU) ahead of schedule. The CPU released on February 1 addressed a total of 50 Java vulnerabilities.

However, the company released an updated CPU on February 19 to fix an additional 5 security issues.

The next CPU is scheduled for April 16, but if experts discover that issue 54 and issue 55 are exploited in the wild, Oracle could release another out-of-band patch.

In the meantime, experts keep advising users to disable Java if they don’t need it for their everyday tasks. The new advisories come in light of the recent breaches reported by Facebook, Apple and Microsoft.

In all of these incidents, it’s believed that cybercriminals have leveraged a Java vulnerability to distribute malware onto the organizations' computers.



Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation



Wait... there's something wrong with my cup of Java....? Again!?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

I'm a (hot) tea drinker myself



Raphion

join:2000-10-14
Samsara
reply to redwolfe_98

Patching Java seems a lot like patching up a busted balloon now.

....or putting a dropped coffee cup back together with superglue.



goalieskates
Premium
join:2004-09-12
land of big

1 recommendation

reply to redwolfe_98

said by redwolfe_98:

In the meantime, experts keep advising users to disable Java if they don’t need it for their everyday tasks.

Well, I do need it, so I find that "expert advice" somewhat specious, even annoying. Java's the current whipping boy, but a whole lot of programs have vulnerabilities. That's why we layer security - and install patches. Including patches to Facebook, Apple, and Microsoft.


FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

4 recommendations

reply to Dustyn

said by Dustyn:



Wait... there's something wrong with my cup of Java....? Again!?

Java needs a new avatar. Perhaps Humpty Dumpty.

--
I will be perfectly happy if the budget cuts specified in the Budget Control Act go into effect. 3 cheers for the sequester. Take the money from the drunken federal spenders.


joako
Premium
join:2000-09-07
/dev/null
kudos:6
reply to redwolfe_98

My firewall starts blocking sites when a new version of Java is released. Is there any way to get email alerts?
--
PRescott7-2097



jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24
Reviews:
·Cox HSI
·Speakeasy
reply to Raphion

said by Raphion:

Patching Java seems a lot like patching up a busted balloon now.

....or putting a dropped coffee cup back together with superglue.

The superglue works. Java doesn't.

Stumbles

join:2002-12-17
Port Saint Lucie, FL
Reviews:
·AT&T U-Verse
reply to Raphion

Reminds me of a SpongeBob episode where he and Patrick "steal" a balloon to play with, not knowing it was free balloon day, only it pops. Realizing they can't take the "borrowed" balloon back, they quickly pick up the pieces and, in cartoon physics, reassemble it, only for it to pop again.



joako
Premium
join:2000-09-07
/dev/null
kudos:6

1 recommendation

reply to redwolfe_98

So I was helping someone with their ADP and Java pops up a "your Java is vulnerable, why don't you upgrade instead?" message. I upgrade Java and it turns out ADP requires Java 6.

Great!
--
PRescott7-2097



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
Reviews:
·Bell Sympatico
reply to redwolfe_98

Another Java zero-day exploit in the wild actively attacking targets
Article

Oracle investigating after two more Java 7 zero-day flaws found
Article



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17
reply to redwolfe_98

Also see: Criticism of Java



redxii
Premium,Mod
join:2001-02-26
Sherwood, MI
reply to redwolfe_98

said by redwolfe_98:

In the meantime, experts keep advising users to disable Java if they don’t need it for their everyday tasks.

I stopped using/installing Java years ago.
--
Moe, I need your advice… See I've got this friend named Joey Joe-Joe... Junior... Shabadoo..


VikingBob

join:2004-06-05
Ste Anne, MB

1 recommendation

reply to redwolfe_98

I've switched from Java to Beer. I'm much happier now.