Another critical Java vulnerability discovered


A security researcher has revealed another critical security vulnerability in Java.

Adam Gowdiak of Security Explorations has disclosed the existence of a critical security vulnerability in Java SE 5, 6 and 7.

The flaw allows an attacker to completely bypass Java's security sandbox, Mr Gowdiak claimed.

The vulnerability has been demonstrated on Windows 7 with Java SE 5 Update 22, SE 6 Update 35 and SE 7 Update 7, using Firefox 15.0.1, Google Chrome 21.0.1180.89, Internet Explorer 9.0.8112.16421 (update 9.0.10), Opera 12.02 (build 1578), and Safari 5.1.7 (7534.57.2).

In an interview with Computerworld Mr Gowdiak said the vulnerability was present regardless of the operating system if Java SE 5, 6 or 7 is installed.

He also indicated that the vulnerability only gives an attacker the privileges of the current user. While that's enough to do significant damage, it is another reason to avoid the routine use of a privileged account, and to uninstall or disable Java unless it is actually required.

Security Explorations has provided Oracle with a technical description of the problem and the source and binary code for the proof of concept exploit.

The next scheduled Java update is due in around three weeks, but given the apparent severity of this issue it is possible that Oracle will release an out-of-cycle update, as it did at the end of August.

However, that patch was criticised by Mr Gowdiak because it contained a bug that made some still-unpatched vulnerabilities easier to exploit.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.
