Forgot your password?
typodupeerror
Java Security

Oracle Patches Java 7 Vulnerability 58

Posted by samzenpus
from the patch-it-up dept.
First time accepted submitter JavaBear writes "Oracle have just released the u7 release of their Java 7. From the article: 'In response to the findings of a recent vulnerability in Java 7 that was being exploited by malware developers, Oracle has released an official patch that takes care of the problem. In the past week, a new vulnerability was unveiled in Oracle's Java 7 runtime, which has been used by hackers in targeted attacks on Windows-based systems. Similar to the recent Flashback malware in OS X, this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet."
This discussion has been archived. No new comments can be posted.

Oracle Patches Java 7 Vulnerability

Comments Filter:
  • Patches? (Score:4, Funny)

    by superdave80 (1226592) on Thursday August 30, 2012 @06:19PM (#41184997)
    Given all the news lately, I first read that as 'Patents'...
  • by El_Oscuro (1022477) on Thursday August 30, 2012 @06:49PM (#41185223) Homepage
    Apparantely so. Just google Oracle TNS Listener Poison vulnerability [teamshatter.com] for a real cluster fuck.
  • Re:sweet (Score:5, Funny)

    by Charliemopps (1157495) on Thursday August 30, 2012 @07:50PM (#41185585)
    I have to deal with Oracle every day. They operate much like a company that I used to work for... ATT. ATT is so large, so ubiquitous, their profits so untouchable, that they just don't give a shit anymore. They don't need to. To address a problem, ATT creates a new department, at the expense of millions of dollars. Often that new department does something as trivial as copy data from one system to another. Hiring a team of 10 people to do manual data entry all day every day is easier/cheaper than paying developers to do it right.

    Knowing what I know of Oracle, I'm sure that the "Mal-ware investigatory department" sent in form 24b-FF with a priority level 3 as soon as they knew about the issue. That form was received by a "Critical patch program director" who then scheduled the appropriate conference calls and meetings to discuss who would head up, design, testing, implementation, cost projections, etc... Once the team was assembled 2hr meetings with catered lunch were scheduled daily to discuss progress and adjusted cost projections. Now that the patch has been released, they will enter a post patch analysis of self aggrandizing back patting.

    You can't get rid of Oracle. They are the ATT of Databases. Everyone is stuck with them, they know it, we just have to bend over and hope they use lube.

The speed of anything depends on the flow of everything.

Working...