Deja vu: another Java exploit for Oracle

By Dan Kaplan on Sep 3, 2012 8:06 AM
Filed under Security

Researcher finds new vulnerability.

Oracle may soon have another unpatched Java version 7 exploit on its hands.

Hours after the company that maintains Java released an emergency patch for a widespread malware attack, Polish research outfit Security Explorations said it discovered a new vulnerability in the software platform.

This bug, combined with previous flaws that it has reported to Oracle -- but which have so far gone unfixed -- could lead to a "complete JVM (Java Virtual Machine) sandbox bypass in the environment of [the] latest Java SE (Standard Edition) software," Adam Gowdiak, the founder and CEO of Security Explorations, wrote in a Friday post to the Bugtraq mailing list.

His firm has delivered details of the vulnerability, along with a proof-of-concept, to Oracle. With the previous issue, someone leaked exploit code, which enabled the attack to spread like wildfire.

Despite the patch from Oracle, most experts recommend that users permanently disable Java functionality in the browser. In fact, Microsoft, which makes the world's most heavily used browser, Internet Explorer, is developing a Fix-It tool to allow users to do just that.

This article originally appeared at scmagazineus.com

 

Copyright © SC Magazine, US edition
