| New holes discovered in latest Java versions quote:
26 February 2013 - Security Explorations has informed Oracle of two new vulnerabilities in Java, "issue 54" and "issue 55", which it says can be combined to completely bypass Java's sandbox security. Adam Gowdiak, researcher at Security Explorations, told Softpedia that the problems are specific to Java 7 SE versions, and allow abuse of the Reflection API in Java, "in a particularly interesting way".
Ful article - The H Security |
|
 BlackbirdBuilt for SpeedPremium
join:2005-01-14
Fort Wayne, IN
kudos:3 | Similar thread here: »Java: Same Old Same Old |
|
 LinklistPremium
join:2002-03-03
Longport, NJ
kudos:5 | reply to chachazz
As fast as Java can patch existing exploits, new exploits pop up. |
|
 angussfPremium
join:2002-01-11
Tucson, AZ
kudos:4 | reply to chachazz
Note that these are all browser-based. If you need java for an application, you can just disable java in your browser.
If you need java for just a few websites, you can use jPortable from portableapps.com along with a portable browser. |
|
| reply to chachazz
"oracle" is arguing that one of the vulnerabilities isn't actually a vulnerability, which suggest that they will not address it.. adam gowdiak says that if oracle refuses to patch the vulnerability, he will release the code for the exploit.. then, i suppose, oracle will have to patch it..
»seclists.org/fulldisclosure/2013/Feb/135 |
|
| Wow WTF Oracle, they have such a freakin' attitude. The gall of those guys... when multiple white hat security experts are telling them of issues and they just dismiss them. Wait until the guys who aren't wearing the white hats get on these holes...
Makes me miss when Sun was still its own company, LOL, and Sun wasn't much better... |
|
|
|
| reply to angussf
said by angussf:Note that these are all browser-based. If you need java for an application, you can just disable java in your browser. According to this InfoWorld article, there is no reliable way to disable Java in Internet Explorer:
»www.infoworld.com/t/web-browsers···k-211220 |
|
angussfPremium
join:2002-01-11
Tucson, AZ
kudos:4 | Which is why you shouldn't use IE as your primary browser. If you use it, use it only for those relatively few sites where Java is required.
Or better yet set up a portable browser (Chrome, Firefox) with jPortable from PortableApps.com.
--
Angus S-F
GeoApps, Tucson, Arizona, USA
»geoapps.com/
»www.linkedin.com/in/angussf
»geoapps.blogspot.com/ |
|
rdhw
join:2002-09-21
Cambridge UK | reply to jupitermoon
said by jupitermoon:there is no reliable way to disable Java in Internet Explorer: See »support.microsoft.com/kb/2751647
"How to disable the Java web plug-in in Internet Explorer"
--
Robin Walker |
|
 RoboticsSee You On The Dark SidePremium
join:2003-10-23
Louisa, VA
 ·Verizon Wireless..
 ·Comcast
1 edit | I go there and get this:
Sorry, the page you requested is not available.
EDIT...guess everyone is going there. Now I can access the page minutes later from first trying.
--
Long you live and high you fly, and smiles you'll give and tears you'll cry,
and all you touch and all you see, is all your life will ever be. |
|
 StuartMWWho Is John Galt?Premium
join:2000-08-06
Galt's Gulch
kudos:2 | Working for me. |
|
| reply to rdhw
Guess you didn't read the InfoWorld article!
"Microsoft has released KB article 2751647, which describes how to disable the Java plug-in for Internet Explorer. However, we have found that due to the multitude of ways that Java can be invoked in Internet Explorer, their guidance (as well as our prior guidance) does not completely disable Java."
"The Microsoft instructions kill about 20 Java CLSIDs. The CERT method kills almost 800 of them." |
|
| reply to chachazz
Boring.
News should be "Today no holes discovered in latest Java version"
 |
|
