Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Java 0-Day Vulnerability Being Exploited In the Wild

Posted by Soulskill on from the once-more-unto-the-security-breach dept.

An anonymous reader writes "Here we go again. A new Java 0-day vulnerability is being exploited in the wild. If you use Java, you can either uninstall/disable the plugin to protect your computer or set your security settings to 'High' and attempt to avoid executing malicious applets. This latest flaw was first discovered by security firm FireEye, which says it has already been used 'to attack multiple customers.' The company has found that the flaw can be exploited successfully in browsers that have Java v1.6 Update 41 or Java v1.7 Update 15 installed, the latest versions of Oracle's plugin."

1 of 193 comments (clear)

  1. Re:Surprise Surprise by DarkOx · · Score: 4, Informative

    I would say discussion of if a Turing complete is secure or not is off base. You can express any computable algorithm and if you get it wrong it may or may not behave in undesired ways when presented with input you did not anticipate.

    Now if you want to discuss topics if interpreters (byte code or otherwise) that enforce certain memory management contracts, so you don't have to express them as part of your program ultimately offer better security or just move the problems that might be a valid topic.

    Java is not insecure; security is not even an attribute you could put a value on with regard to Java. The browser plugins that ship with the most popular interpreter and runtime implementation might be insecure. There may be bugs in the interpreter where it does not properly enforce contracts making otherwise correct programs under it vulnerable. One little mistake in a C/C++ programs might result in the same thing though. The traditional argument is whats more likely to result in the best outcome: every programmer our there writes good code or a team of skilled programs writes a universal memory manager, and set of libraries that are solid so other programers don't have to get some of that hard stuff right?

    I guess the issue is we are finding out more often than not even teams of very skilled developers are bound to slip here and there with something as large and complex as the Java runtime.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html