1 recommendation |
chachazz
Premium Member
2013-Feb-27 8:55 pm
New holes discovered in latest Java versionsquote: 26 February 2013 - Security Explorations has informed Oracle of two new vulnerabilities in Java, "issue 54" and "issue 55", which it says can be combined to completely bypass Java's sandbox security. Adam Gowdiak, researcher at Security Explorations, told Softpedia that the problems are specific to Java 7 SE versions, and allow abuse of the Reflection API in Java, "in a particularly interesting way".
Ful article - The H Security |
|
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN
1 recommendation |
|
|
FFH5 Premium Member join:2002-03-03 Tavistock NJ
1 recommendation |
to chachazz
As fast as Java can patch existing exploits, new exploits pop up. |
|
angussf Premium Member join:2002-01-11 Tucson, AZ
1 recommendation |
to chachazz
Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.
If you need java for just a few websites, you can use jPortable from portableapps.com along with a portable browser. |
|
|
to chachazz
"oracle" is arguing that one of the vulnerabilities isn't actually a vulnerability, which suggest that they will not address it.. adam gowdiak says that if oracle refuses to patch the vulnerability, he will release the code for the exploit.. then, i suppose, oracle will have to patch it.. » seclists.org/fulldisclos ··· /Feb/135 |
|
|
Wow WTF Oracle, they have such a freakin' attitude. The gall of those guys... when multiple white hat security experts are telling them of issues and they just dismiss them. Wait until the guys who aren't wearing the white hats get on these holes...
Makes me miss when Sun was still its own company, LOL, and Sun wasn't much better... |
|
|
to angussf
said by angussf:Note that these are all browser-based. If you need java for an application, you can just disable java in your browser. According to this InfoWorld article, there is no reliable way to disable Java in Internet Explorer: » www.infoworld.com/t/web- ··· k-211220 |
|
angussf Premium Member join:2002-01-11 Tucson, AZ |
angussf
Premium Member
2013-Mar-1 7:10 pm
said by jupitermoon:said by angussf:Note that these are all browser-based. If you need java for an application, you can just disable java in your browser. According to this InfoWorld article, there is no reliable way to disable Java in Internet Explorer: » www.infoworld.com/t/web- ··· k-211220 Which is why you shouldn't use IE as your primary browser. If you use it, use it only for those relatively few sites where Java is required. Or better yet set up a portable browser (Chrome, Firefox) with jPortable from PortableApps.com. |
|
rdhw join:2002-09-21 Cambridge UK
1 recommendation |
to jupitermoon
said by jupitermoon:there is no reliable way to disable Java in Internet Explorer: See » support.microsoft.com/kb/2751647"How to disable the Java web plug-in in Internet Explorer" |
|
RoboticsSee You On The Dark Side Premium Member join:2003-10-23 Louisa, VA 1 edit |
Robotics
Premium Member
2013-Mar-1 7:27 pm
I go there and get this: Sorry, the page you requested is not available. EDIT...guess everyone is going there. Now I can access the page minutes later from first trying. |
|
|
StuartMW
Premium Member
2013-Mar-1 7:37 pm
Working for me. |
|
|
to rdhw
Guess you didn't read the InfoWorld article! "Microsoft has released KB article 2751647, which describes how to disable the Java plug-in for Internet Explorer. However, we have found that due to the multitude of ways that Java can be invoked in Internet Explorer, their guidance (as well as our prior guidance) does not completely disable Java." "The Microsoft instructions kill about 20 Java CLSIDs. The CERT method kills almost 800 of them." |
|
1 recommendation |
to chachazz
Boring. News should be "Today no holes discovered in latest Java version" |
|