Thursday, 27 September 2012 12:24

Another critical Java vulnerability discovered

By Stephen Withers

A security researcher has revealed another critical security vulnerability in Java.

Adam Gowdiak of Security Explorations has disclosed the existence of a critical security vulnerability in Java SE 5, 6 and 7.

The flaw allows an attacker to completely bypass Java's security sandbox, Mr Gowdiak claimed.

The vulnerability has been demonstrated on Windows 7 with Java SE 5 Update 22, SE 6 Update 35 and SE 7 Update 7, using Firefox 15.0.1, Google Chrome 21.0.1180.89, Internet Explorer 9.0.8112.16421 (update 9.0.10), Opera 12.02 (build 1578), and Safari 5.1.7 (7534.57.2).

In an interview with Computerworld Mr Gowdiak said the vulnerability was present regardless of the operating system if Java SE 5, 6 or 7 is installed.

He also indicated that the vulnerability only gives an attacker the privileges of the current user. While that's enough to do significant damage, it is another reason to avoid the routine use of a privileged account, and to uninstall or disable Java unless it is actually required.

Security Explorations has provided Oracle with a technical description of the problem and the source and binary code for the proof of concept exploit.

The next Java update is due in around three weeks, but given the apparent severity of this issue it is possible that Oracle will release an out-of-cycle update as it did at the end of August.

However, that patch was criticised by Mr Gowdiak as it contained a bug that made some unpatched vulnerabilities easier to exploit.


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
