Bug Java Oracle Security

Java Exploit Patched? Not So Fast

PCM2 writes "The Register reports that Security Explorations' Adam Gowdiak says there is still an exploitable vulnerability in the Java SE 7 Update 7 that Oracle shipped as an emergency patch yesterday. 'As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.'"

  • Re:Arrrrrg (Score:2, Informative)

    by Anonymous Coward on Friday August 31, 2012 @07:12PM (#41195587)

    Sandbox it externally. Don't rely on JRE to do it for you.

  • Re:Arrrrrg (Score:5, Informative)

    by Nerdfest ( 867930 ) on Friday August 31, 2012 @07:45PM (#41195821)

    I may have this wrong, but isn't this exploit only possible if you have Java enabled in your browser, which you only need to run Java applets? When was the last time you saw a Java applet? Disable it. I'm surprised it's still enabled by default (I think it's actually disabled in Chrome).

  • Re:Arrrrrg (Score:4, Informative)

    by Nerdfest ( 867930 ) on Friday August 31, 2012 @07:56PM (#41195889)

    That product is pretty much a security exploit by its very nature.

  • Re:WORE (Score:5, Informative)

    by SplashMyBandit ( 1543257 ) on Friday August 31, 2012 @09:54PM (#41196609)

    > With Java, you can exploit OS X, Linux, BSD, any ...
    I know you say "Java applets" later on, but it is important to qualify this at every stage (since even the techie Slashdot readers appear to be horribly ignorant that there are differences between JavaScript, Java applets and Java applications).

    Readers should take note:

    1. In general Java applications and web services are secure (in fact, more secure than C++ etc.).
    2. It is malicious Java applets that pose a potential risk to users (just like malicious buffer-overrun inducing JPEG images do).

    Now cue the hundreds of Java-hating posts that don't know the difference between JavaScript, Java applets and Java applications/servlets but still think that some other technology is more secure (hint: it is not - every tech out there has holes that get discovered from time to time - including your operating system).
