Slashdot Mirror


2 Years Later, Java Security Still Broken By Faulty Oracle Patch

An anonymous reader writes: A faulty security patch has left Java users vulnerable to attacks in the past two years, researchers from Polish security firm Security Explorations are claiming. The issue in question is CVE-2013-5838, which was discovered and patched in October 2013. Two years later, going back over their research, the same security researchers have now discovered that Oracle had not only misclassified its impact but also botched the fix. In a Full Disclosure exposé, the researcher says that changing four characters in the company's original proof-of-concept code allowed them to exploit the flaw, despite Oracle's patch.

1 of 41 comments

  1. Re:Java security is not broken! by DamonHD · Score: 4, Insightful

    With regard to your "Java is shit, shit" you are talking nonsense and should take some deep breaths. Really, grow up. And the rude words don't add gravitas either.

    I use and have used many languages over the last 40 years, 30 professionally, and while Java is not perfect *NOR IS ANYTHING ELSE*. I'm having to use C/C++/ASM again at the moment and would much prefer the inherent safety against, for example, buffer overflows from coding errors of Java, but the run-time is too expensive for my current main application.

    Rgds

    Damon

    --
    http://m.earth.org.uk/