Slashdot Mirror


Cross-Platform Java Sandbox Exploit

DrWho520 points out this report at silicon.com which begins "A flaw in Sun's plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs. The vulnerability, found by Finnish security researcher Jouko Pynnonen in June, was patched last month by Sun, but its details were not made public until Tuesday." The hole affects Linux and Windows.

1 of 382 comments (clear)

  1. Re:Makes me wonder... by fforw · · Score: 4, Interesting
    ...If java is really just as bad as ActiveX
    no.

    This the only cross plattform security issue known. and it's a theoretical one, no exploits known.

    One failure in a secure sandbox environment is still not as bad as an environment where any code is executed and the security consists of the developer saying:

    "I don't think I built in something harmfull and sign that belief with this digital signature"

    --
    while (!asleep()) sheep++