Oh look, another critical Java security vulnerability has been discovered, something that seems to be a trend for Oracle's widely used software. The exploit, as detailed on SecLists' Full Disclosure mailing list, bypasses the Java security sandbox in all versions of Java from SE 5 to the latest SE 7 Update 7, and works in the latest versions of all popular browsers.
Basically, if you have a computer - Mac or PC - and it has Java installed, it could be vulnerable to this new exploit. Adam Gowdiak, who discovered the Java vulnerability, said that he found the bug last week, created a proof-of-concept exploit and then reported the issue to Oracle on Tuesday; Oracle has since confirmed it. He is "not aware of any active attacks that would exploit this vulnerability" but claims the potential impact is bigger than that of previous exploits.
October 16 is the next scheduled Java update, and it's likely Oracle will wait until this date to patch the vulnerability. If you are concerned about your security, it's recommended either to uninstall Java from your system (if you don't use it) or to temporarily disable it until a patch is released.
Via: ComputerWorld
Source: SecLists