Slashdot Mirror

← Back to Stories (view on slashdot.org)

Java Exploit Patched? Not So Fast

Posted by timothy on from the few-beans-short dept.

PCM2 writes "The Register reports that Security Explorations' Adam Gowdiak says there is still an exploitable vulnerability in the Java SE 7 Update 7 that Oracle shipped as an emergency patch yesterday. 'As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.'"

6 of 87 comments (clear)

  1. Arrrrrg by Haawkeye · · Score: 5, Insightful

    Come on really! That's it java is coming off my machines!

    1. Re:Arrrrrg by Nerdfest · · Score: 5, Informative

      I may have this wrong, but isn't this exploit only possible if you have Java enabled in your browser, which you only need to run Java applets? When was the last time you saw a Java applet? Disable it. I'm surprised it's still enabled by default (I think it's actually disabled in Chrome).

    2. Re:Arrrrrg by LordLimecat · · Score: 5, Funny

      Sandbox [Java VM] externally

      Using what, a VM?

      Yo dawg, I heard you liked virtual machines...

  2. WORE by tobiasly · · Score: 5, Funny

    Oracle should be commended for finally bringing their "Write Once, Run Everywhere(tm)" vision to the exploit community.

    1. Re:WORE by cbhacking · · Score: 5, Interesting

      Normally I'd agree with you, but the exact same thing is true of JavaScript and yet very, very few people are calling for a universal end to that. Now, a handful of people (relative to the global computer userbase) use NoScript, but even among NoScript users most realize that it's either too complex or too difficult for most people to use correctly all the time.

      As it happens, I do block plug-ins (especially Flash and Java) by default, permitting them only on a case-by-case basis, except where I can remove them entirely. However, even to my (highly technical; he's been coding since he was in high school) father, that's too much of a hassle. He expects (rightly, if not wisely) that software vendors will keep their software as secure as possible, and respond quickly to any threats. That's the standard to which I'm holding Oracle here, and they're failing to meet it.

      --
      There's no place I could be, since I've found Serenity...
  3. Not so fast by MobileTatsu-NJG · · Score: 5, Funny

    Not so fast.

    Isn't that Java's mission statement?

    --

    "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)