Java Exploit Patched? Not So Fast 87
PCM2 writes "The Register reports that Security Explorations' Adam Gowdiak says there is still an exploitable vulnerability in the Java SE 7 Update 7 that Oracle shipped as an emergency patch yesterday. 'As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.'"
Arrrrrg (Score:5, Insightful)
Re:Arrrrrg (Score:5, Insightful)
Using what, a VM? That's probably the easiest and most cross-platform, but that hardly makes it easy (especially since VMs that are designed for easy use make extremely poor sandboxes). AppArmor or SELinux or some such? Well beyond the capabilities of most users. A dedicated low-privilege user account? That's possible on pretty much any platform, but will still leave a mess that you'll have to clean up afterward.
Besides, I'd really rather stop before the attacker gets arbitrary code execution on my machine. Java is disabled or simply not present on my machines, thank you.
Re:Arrrrrg (Score:5, Insightful)
Try using Webex without Java enabled in your browser.
Re:about:addons (Score:4, Insightful)
Protip, your ass.
The real protip? If your bank requires you to enable java or flash to use their site, you're banking in the wrong place.
Now, pull your head out of your ass, and thing "security" instead of "convenience".