Slashdot Mirror


Latest Java Update Broken; Two New Sandbox Bypass Flaws Found

msm1267 writes "Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure this morning from a security researcher indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code. Oracle released Java 7u11 last Sunday and said it fixed a pair of vulnerabilities being exploited by all the major exploit kits. Turns out one of those two bugs wasn't completely patched. Today's bugs are apparently not related to the previous security issues."

2 of 223 comments

  1. Re:The same old story by sjames · Score: 4, Informative

    Reflection is extremely useful given a language that considers it a first class feature rather than a bolt-on. Duck typing, for example, is a specific application of reflection. In turn, duck typing can actually fulfill the promise of reusable code that OOP promises but rarely delivers.

  2. Re:Enough Already by Anonymous Coward · Score: 4, Informative

    In defense of both sysad and Java, there are developers who just think that garbage collection is magic and create a memory problem where there is none.