
chachazz
Premium Member
join:2003-12-14

1 recommendation

New holes discovered in latest Java versions

quote:
26 February 2013 - Security Explorations has informed Oracle of two new vulnerabilities in Java, "issue 54" and "issue 55", which it says can be combined to completely bypass Java's sandbox security. Adam Gowdiak, researcher at Security Explorations, told Softpedia that the problems are specific to Java 7 SE versions, and allow abuse of the Reflection API in Java, "in a particularly interesting way".
Full article - The H Security

Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

1 recommendation

Similar thread here: »Java: Same Old Same Old

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 recommendation

FFH5 to chachazz

As fast as Java can patch existing exploits, new exploits pop up.

angussf
Premium Member
join:2002-01-11
Tucson, AZ

1 recommendation

angussf to chachazz

Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.

If you need java for just a few websites, you can use jPortable from portableapps.com along with a portable browser.
redwolfe_98
Premium Member
join:2001-06-11

redwolfe_98 to chachazz

"oracle" is arguing that one of the vulnerabilities isn't actually a vulnerability, which suggests that they will not address it.. adam gowdiak says that if oracle refuses to patch the vulnerability, he will release the code for the exploit.. then, i suppose, oracle will have to patch it..

»seclists.org/fulldisclos ··· /Feb/135
SpHeRe31459
Premium Member
join:2002-10-09
Sacramento, CA

Wow WTF Oracle, they have such a freakin' attitude. The gall of those guys... when multiple white hat security experts are telling them of issues and they just dismiss them. Wait until the guys who aren't wearing the white hats get on these holes...

Makes me miss when Sun was still its own company, LOL, and Sun wasn't much better...
jupitermoon
join:2011-09-27

jupitermoon to angussf

Member

said by angussf:

Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.

According to this InfoWorld article, there is no reliable way to disable Java in Internet Explorer:

»www.infoworld.com/t/web- ··· k-211220

angussf
Premium Member
join:2002-01-11
Tucson, AZ

said by jupitermoon:

said by angussf:

Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.

According to this InfoWorld article, there is no reliable way to disable Java in Internet Explorer:

»www.infoworld.com/t/web- ··· k-211220

Which is why you shouldn't use IE as your primary browser. If you use it, use it only for those relatively few sites where Java is required.

Or better yet set up a portable browser (Chrome, Firefox) with jPortable from PortableApps.com.
rdhw
join:2002-09-21
Cambridge UK

1 recommendation

rdhw to jupitermoon

Member

said by jupitermoon:

there is no reliable way to disable Java in Internet Explorer:

See »support.microsoft.com/kb/2751647
"How to disable the Java web plug-in in Internet Explorer"

Robotics
See You On The Dark Side
Premium Member
join:2003-10-23
Louisa, VA

1 edit

said by rdhw:

said by jupitermoon:

there is no reliable way to disable Java in Internet Explorer:

See »support.microsoft.com/kb/2751647
"How to disable the Java web plug-in in Internet Explorer"

I go there and get this:

Sorry, the page you requested is not available.

EDIT...guess everyone is going there. Now I can access the page minutes later from first trying.

StuartMW
Premium Member
join:2000-08-06

Working for me.
jupitermoon
join:2011-09-27

jupitermoon to rdhw

Member

said by rdhw:

See »support.microsoft.com/kb/2751647
"How to disable the Java web plug-in in Internet Explorer"

Guess you didn't read the InfoWorld article!

"Microsoft has released KB article 2751647, which describes how to disable the Java plug-in for Internet Explorer. However, we have found that due to the multitude of ways that Java can be invoked in Internet Explorer, their guidance (as well as our prior guidance) does not completely disable Java."

"The Microsoft instructions kill about 20 Java CLSIDs. The CERT method kills almost 800 of them."
Velnias
join:2004-07-06
233322

1 recommendation

Velnias to chachazz

Member

Boring.

News should be "Today no holes discovered in latest Java version"