BlackbirdBuilt for SpeedPremiumReviews:
Fort Wayne, IN
|reply to chachazz |
Re: Java SE 7 update 13 / Java SE 6 update 39
I wonder how all these fixes play against the vulnerability in Java 7 update 11 revealed be security researcher Adam Gowdiak in his web posting on 27 Jan 2013, which indicated a significant vulnerability existed in Java allowing the Java Control Panel security setting to be bypassed for unsigned Java apps in a web browser. His disclosure is here: (SE-2012-01) An issue with new Java SE 7 security features...
... What we found out and what is a subject of a new security vulnerability (Issue 53) is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings described above. Our Proof of Concept code that illustrates Issue 53 has been successfully executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with "Very High" Java Control Panel security settings.
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. A. de Tocqueville
Gowdisk seems to think Java can be disabled in the browser. That is not true for IE.
»Re: Feds warn PC users to disable Java
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson