Slashdot Mirror

← Back to Stories (view on slashdot.org)

Latest Java Update Broken; Two New Sandbox Bypass Flaws Found

Posted by Soulskill on from the it-just-goes-on-and-on-my-friends dept.

msm1267 writes "Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure this morning from a security researcher indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code. Oracle released Java 7u11 last Sunday and said it fixed a pair of vulnerabilities being exploited by all the major exploit kits. Turns out one of those two bugs wasn't completely patched. Today's bugs are apparently not related to the previous security issues."

4 of 223 comments (clear)

  1. Re:Just let it die already by Antipater · · Score: 5, Funny
    To be fair, coding your way out of a paper bag sounds pretty difficult.

    Unless you have a robot with poking capabilities inside the bag with you, of course.

    --
    Everything is better with chainsaws.
  2. Enough already by mark-t · · Score: 3, Funny

    While admittedly this could reasonably qualify as news for nerds, the exploits that are being discovered in Java these days are happening with such rapidity now that it truly seems like a complete waste of time and effort to report them all individually. They are so frequent now as to border on spam.

    --
    File under 'M' for 'Manic ranting'
  3. If they keep this up... by mandark1967 · · Score: 4, Funny

    Adobe is gonna get jealous.

    --
    Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
  4. Re:Enough Already by datavirtue · · Score: 3, Funny

    Why, after all this it will be unbreakable. Look at Windows and how it has improved. Hold on, Windows Store, locked down application environment....uh.

    --
    I object to power without constructive purpose. --Spock