Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cross-Platform Java Sandbox Exploit

Posted by timothy on from the suck dept.

DrWho520 points out this report at silicon.com which begins "A flaw in Sun's plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs. The vulnerability, found by Finnish security researcher Jouko Pynnonen in June, was patched last month by Sun, but its details were not made public until Tuesday." The hole affects Linux and Windows.

3 of 382 comments (clear)

  1. Re:Makes me wonder... by I+confirm+I'm+not+a · · Score: 4, Informative

    ...Or better, since Java runs in a (relatively) secure sandbox. It's worth noting, from the article, that there hasn't to date been a single Java virus. This is bad, but it has to get a lot worse before comparison with ActiveX is warranted.

    --
    This is where the serious fun begins.
  2. Re:Windows and Linux? by DaEMoN128 · · Score: 4, Informative

    There are already proof of concept viri that work on both linux and windows.
    http://antivirus.about.com/library/weekly/aa032801 a.htm/
    http://www.itworld.com/AppDev/1312/IWD010328hnvirl in//
    looks like this has been happening since 2001 according to the itworld article (look at the date in the upper left hand corner.)
    the only thing that has changed is the vector of infection. There was also a /. article if i remember right, but i can't seem to get the right search terms to find it.

    --
    Stop signs are only Suggestions
  3. Re:Opera not affected by Anonymous Coward · · Score: 5, Informative

    Actually the Java in Opera is even worse: http://archives.neohapsis.com/archives/bugtraq/200 4-11/0250.html