Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cross-Platform Java Sandbox Exploit

Posted by timothy on from the suck dept.

DrWho520 points out this report at silicon.com which begins "A flaw in Sun's plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs. The vulnerability, found by Finnish security researcher Jouko Pynnonen in June, was patched last month by Sun, but its details were not made public until Tuesday." The hole affects Linux and Windows.

5 of 382 comments (clear)

  1. Re:Windows and Linux? by rdc_uk · · Score: 1, Funny

    What the article says is that the same exploit (same hole in the Java Runtime Engine's security) allows access to multiple OSes (through multiple browsers)

    So; johnny hacker writes his Java exploit; part of which decides what OS it is currently fiddling with, then has it deposit an appropriate payload for the OS.

    Voila; spreads through Windows and Linux.

    Write once, run anywhere :)

  2. Java finally reaches its full potential by scatter_gather · · Score: 5, Funny

    Write once, exploit everywhere!
    :)

  3. Write once, infect everywhere! by dangermen · · Score: 1, Funny

    Write once, infect everywhere!

  4. Linux!?! Nooo by NitsujTPU · · Score: 1, Funny

    Linux?

    No, no, it can't be? Linux is invulnerable to virii!

  5. Java == Java Sandbox... ohpps! by Ghoser777 · · Score: 2, Funny

    You were comparing references (memory addresses) instead of actual values. I think you should have used:

    Java.equals(JavaSandbox)

    instead. It's a common mistake, don't sweat it.

    --
    James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."