Slashdot Mirror


New Java Vulnerability Found Affecting Java 5, 6, and 7 SE

jcatcw writes "Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco, researchers from the Polish firm Security Explorations disclosed yet another critical Java vulnerability that might 'spoil the taste of Larry Ellison's morning ... Java.' According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects one billion users of Oracle Java SE software, Java 5, 6 and 7. It could be exploited by apps on Chrome, Firefox, Internet Explorer, Opera and Safari. Wow, thanks a lot Oracle."

3 of 121 comments

  1. Re:Java runtime vs. .NET runtime by gagol · Score: 4, Informative

    You mean like this?

    --
    Tomorrow is another day...
  2. Re:"Wow, thanks a lot Oracle." by Nimey · Score: 4, Informative

    Java 5 was even EOL'd well before Oracle bought Sun.

    --
    Hail Eris, full of mischief...

    E pluribus sanguinem
  3. Re:the java plugin? by codealot · Score: 3, Informative

    I just RTFA; from what I can tell, this affects anyone who needs to run untrusted code in a JVM with a SecurityManager, not just applets.

    That said, I can't think of any reason to do that besides applets, so most vulnerable users are those with browser plugins. Virtually everyone I know who runs Java deploys it within a servlet container where untrusted code is not normally a concern. Given that, the story seems a bit overblown.