Researcher Develops Patch For Java Zero Day In 30 Minutes

Researcher Develops Patch For Java Zero Day In 30 Minutes 57

Posted by Soulskill on Tuesday October 23, 2012 @06:18PM from the 30-minutes-or-less-or-your-zero-day-is-free dept.

Trailrunner7 writes "A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the February 2013 Critical Patch Update as Oracle earlier said it would. Adam Gowdiak of Polish security consultancy Security Explorations reported the vulnerability to Oracle on Sept. 25, as well as proof-of-concept exploit code his team produced. The vulnerability is present in Java versions 5, 6 and 7 and would allow an attacker to remotely control an infected machine once a user landed on a malicious website hosting the exploit. Gowdiak said his proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7."

Researcher Develops Patch For Java Zero Day In 30 Minutes

Search 57 Comments Log In/Create an Account

Comments Filter:

Patch right here! (Score:5, Funny)

by Deathlizard ( 115856 ) writes: on Tuesday October 23, 2012 @06:46PM (#41746189) Homepage Journal

Windows [java.com]
Linux [java.com]
Mac OS X [java.com]

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Researcher Develops Patch For Java Zero Day In 30 Minutes 57

Researcher Develops Patch For Java Zero Day In 30 Minutes More Login

Researcher Develops Patch For Java Zero Day In 30 Minutes

Patch right here! (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot