
Yet another Java flaw allows “complete” bypass of security sandbox


abarbarian


http://arstechnica.com/security/2012/09/yet-another-java-flaw-allows-complete-bypass-of-security-sandbox/

 

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years worth of Java software.

 

Gowdiak and his team have found a total of 50 Java flaws. While this latest one apparently isn’t being exploited in the wild yet, another that was being exploited was patched by Oracle last month, reportedly four months after Oracle learned of the vulnerability.

 

We asked Oracle for comment this afternoon and have not heard back yet.

 

:breakfast:


Guest LilBambi

Oracle really needs to get rolling on being proactive on this type of thing instead of reactive.

 

There are way too many commercial programs and other programs too that use Java to throw it away because of repeated vulnerabilities like this.


Guest LilBambi

There are quite a few programs out there similar to LogMeIn that use Java too including GoToAssist/Citrix.

 

Plus the military could do better than requiring users to run an older version for a site the user has no control over.

 

Additional information regarding accessing myInvoice: Java 7 does not currently work with Oracle Forms and Reports, so a high version of Java 6 is required ...

 

I am not going to post the link but that's not good at all.


Unfortunately OpenOffice needs Java; not surprising when you know they are both Oracle products.

LibreOffice needs it too, but they are going to do away with Java in the next version. Currently only the database part, I think, requires it.

Edited by zlim

Guest LilBambi

I am sure LibreOffice also uses it and I definitely use that.

 

It is an excellent thing that LibreOffice is moving away from Java. But there are still many things that need it.

 

I bet there are still many medical programs that are using an ANCIENT version of Java too.


Guest LilBambi

Yes, they used to use Java for that, but didn't they move to Flash? Pretty sure they did.

 

Which I thought was so silly when they first did that because Flash isn't much better. :hysterical:


Yes, they used to use Java for that, but didn't they move to Flash? Pretty sure they did.

 

Which I thought was so silly when they first did that because Flash isn't much better. :hysterical:

 

Whoops, you're correct. They switched to Flash. My bad. :whistling:


Flash is also a lot easier to turn off and on when you need to use it briefly. Too bad there is not a site-by-site Java turn-on tool. :'(

I haven't gone to the site I use that requires Java.
