Jump to content

Recommended Posts

Posted

http://arstechnica.com/security/2012/09/yet-another-java-flaw-allows-complete-bypass-of-security-sandbox/

 

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years worth of Java software.

 

Gowdiak and his team have found a total of 50 Java flaws. While this latest one apparently isn’t being exploited in the wild yet, another that was being exploited was patched by Oracle last month, reportedly four months after Oracle learned of the vulnerability.

 

We asked Oracle for comment this afternoon and have not heard back yet.

 

:breakfast:

V.T. Eric Layton
Posted

Time to fix it, I guess. Huh?

Guest LilBambi
Posted

Oracle really needs to get rolling on being proactive on this type of thing instead of reactive.

 

There are way too many commercial programs and other programs too that use Java to throw it away because of repeated vulnerabilities like this.

Posted

I haven't missed having Java on my computer. I removed it well over two years ago and have yet run into a program or website that needed it.

Posted

I need java for LogMeIn, but that's about it.

 

Adam

Guest LilBambi
Posted

There are quite a few programs out there similar to LogMeIn that use Java too including GoToAssist/Citrix.

 

Plus the military could do better than requiring users to run an older version for a site the user has no control over.

 

Additional information regarding accessing myInvoice: Java 7 does not currently work with Oracle Forms and Reports, so a high version of Java 6 is required ...

 

I am not going to post the link but that's not good at all.

V.T. Eric Layton
Posted

I need java every morning... sometimes, in the afternoon, too. ;)

Posted (edited)

Unfortunately OpenOffice needs Java; not surprising when you know they are both Oracle products.

LibreOffice needs it too but they are going to do away with Java in the next version. Currently only the database part, I think requires it.

Edited by zlim
Posted

That is excellent.... because Java made it slow as molasses flowing uphill in January.

Guest LilBambi
Posted

I am sure LibreOffice also uses it and I definitely use that.

 

It is an excellent thing that LibreOffice is moving away from Java. But there are still many things that need it.

 

I bet there are still many medical programs that are using an ANCIENT version of Java too.

Guest LilBambi
Posted

Yes, they used to use java for that, but didn't they move to Flash? Pretty sure they did.

 

Which I thought was so silly when they first did that because Flash isn't much better. :hysterical:

Posted

Yes, they used to use java for that, but didn't they move to Flash? Pretty sure they did.

 

Which I thought was so silly when they first did that because Flash isn't much better. :hysterical:

 

Whoops, you're correct. They switched to Flash. My bad. :whistling:

Posted

At least Adobe updates Flash Player faster than Oracle addresses Java issues.

Posted

Flash is also a lot easier to turn off and on when you need to use it briefly. Too bad there is not a site by site java turn on tool. :'(

I haven't gone to the site I use that requires java.

Posted

Only temmu could come up with an answer like that! :w00tx100:

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...