Slashdot Mirror


Sun Pushes Emergency Java Patch

Trailrunner7 writes "In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks. The patch comes less than a week after Sun told a Google researcher it did not consider the issue serious enough to warrant an out-of-cycle patch and less than a day after researchers spotted live exploits on a booby-trapped Web site. The flaw, which was also discovered independently by Ruben Santamarta, occurs because the Java-Plugin Browser is running 'javaws.exe' without validating command-line parameters. Despite the absence of documentation, a researcher was able to figure out that Sun removed the code to run javaws.exe from the Java plugin. The about-face by Sun is another sign that some big vendors still struggle to understand the importance of working closely with white hat researchers to understand the implications of certain vulnerabilities. In this case, Google's Tavis Ormandy was forced to use the full-disclosure weapon to force the vendor into a proper response."
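The root cause named in the summary, a plugin handing web-controlled text to a helper executable as command-line parameters, is a general bug class. The following is an added illustration, not code from Sun or from the Java plugin: it contrasts the weak pattern (tokenizing caller input straight into argv) with an allowlist builder that accepts exactly one positional parameter, a JNLP URL, and never lets the caller supply options. The helper name `javaws.exe`, the `.jnlp` suffix check and the function names are assumptions made for the example.

```python
"""Allowlist validation of the parameters a browser plugin passes to a helper
executable before spawning it.

Constructed example: the real interface between Sun's plugin and javaws.exe is
not taken from their source; only the bug class described in the story is.
"""
import shlex
import subprocess
from urllib.parse import urlsplit

HELPER = "javaws.exe"  # assumed helper name, for illustration only


class UnsafeParameter(ValueError):
    """Raised when a caller-supplied parameter fails the allowlist."""


def build_argv_unchecked(raw: str) -> list[str]:
    """Weak pattern: whatever the page supplied is split into argv verbatim,
    so any token the caller chooses can be parsed by the helper as an option."""
    return [HELPER] + shlex.split(raw)


def validate_jnlp_url(candidate: str) -> str:
    """Accept only a plain http(s) URL to a .jnlp resource; reject anything
    that could be read by the helper as a flag or as several parameters."""
    if not candidate or candidate[0] == "-":
        raise UnsafeParameter("parameter looks like an option, not a URL")
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        raise UnsafeParameter("whitespace or control characters in URL")
    parts = urlsplit(candidate)
    if parts.scheme not in ("http", "https"):
        raise UnsafeParameter(f"scheme {parts.scheme!r} not allowed")
    if not parts.netloc:
        raise UnsafeParameter("URL has no host")
    if not parts.path.lower().endswith(".jnlp"):
        raise UnsafeParameter("URL does not name a .jnlp resource")
    return candidate


def build_argv_checked(raw: str) -> list[str]:
    """Hardened builder: exactly one positional parameter, validated above.
    Options for the helper are fixed in code, never taken from the caller."""
    return [HELPER, validate_jnlp_url(raw)]


def launch(raw: str, runner=subprocess.run):
    """Spawn the helper with an argv list (no shell), after validation.
    `runner` is injectable so the decision can be tested without a binary."""
    argv = build_argv_checked(raw)
    return runner(argv, check=False)


if __name__ == "__main__":
    # Constructed inputs: one legitimate launch and one that smuggles a flag.
    ok = "https://example.test/app.jnlp"
    smuggled = "-someoption https://example.test/app.jnlp"
    print("unchecked:", build_argv_unchecked(smuggled))  # flag reaches argv
    print("checked:  ", launch(ok, runner=lambda argv, check: argv))
    try:
        build_argv_checked(smuggled)
    except UnsafeParameter as err:
        print("rejected: ", err)
```

The decisive design choice is that the hardened builder never derives an option from caller data at all: validation of the single positional value is a second line of defence, not the first. Passing argv as a list rather than a shell string also keeps the OS from re-tokenizing the value.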

6 of 90 comments

  1. Summary reads better with hyphenated words only by bugeaterr · Score: 5, Funny

    about-face
    drive-by
    in-the-wild
    out-of-cycle
    booby-trapped
    Java-Plugin
    command-line
    about-face
    full-disclosure

    1. Re:Summary reads better with hyphenated words only by OrwellianLurker · Score: 2, Funny

      What do you expect from Tim-Othy?

      --
      'Political power grows out of the barrel of a gun.' - Mao Tse-tung

  2. Need a new breed of white hat by syousef · Score: 4, Funny

    I think White Hats need to not only use that threat, but follow up on it, more regularly so that serious flaws like this get the attention they deserve.

    I recommend we coin a new term for this elite breed of white hat. White hats that are more aggressive. Not afraid to be an asshole when required. I would like to propose: "ass hats"

    --
    These posts express my own personal views, not those of my employer

  3. Re:Oracle by Anonymous Coward · Score: 1, Funny

    That's no Sun.

  4. Write once, exploit everywhere by Slashcrunch · Score: 4, Funny

    "Write once, exploit everywhere"

    Well, someone had to say it.