Latest Java Security Issue May Affect Your Mac Or PC

Adam Gowdiak of 'Full Disclosure' mailing list has discovered a new Java security issue that's expected to affect millions of Windows and OSX machines. According to Gowdiak who's a CEO of Polish firm "Security Explorations", the vulnerability affects the latest versions of  Oracle Java SE software - and you can't ignore it because the impact would be critical. Adam and his team were able to successfully exploit it to get complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7. The exploit lets hackers install malware on the affected system.

[​IMG]

In his post, Gowdiak mentions that the bug is 'special' for them for several reasons. It's the anniversary finding of the team (Issue #50) and is exclusive for JavaOne 2012. The bug allows violation of fundamental security constraint of Java Virtual Machine (JVM). Following Java Standard Editions were found vulnerable :-

- Java Standard Edition 5 Update 22 (build 1.5.0_22-b03)
- Java Standard Edition 6 Update 35 (build 1.6.0_35-b10)
- JavaStandard Edition 7 Update 7 (build 1.7.0_07-b10)

The technical details of the exploit have not been revealed publicly for obvious reasons, but Gowdiak claims that he's provided all the relevant details to Oracle. Oracle is reportedly working on the issue and has promised a patch; but no information is available on the patch release schedule. We'll of course keep you updated as we get more information.

Via: Full Disclosure: [SE-2012-01] Critical security issue affecting Java SE 5/6/7

Replies

You are reading an archived discussion.

Related Posts

We know that for most of you, tracking socks is easy and you can do so easily; but for the rich people from Switzerland, there's an RFID tag coupled with...
Sony has launched the 'Sony Xperia Tipo' in India, an Android ICS phone for a price tag of Rs. 9999. If you're looking for a quality smartphone powered by the...
So you want to download that original video of your cat that you uploaded to YouTube? You no longer have to take the help of numerous YouTube video downloaders available....
Today's a special day for Google which has become the default door to the vast world of the Internet. Not a single day passes by without each of us typing...
While half of the tech-world is still speculating and wondering about this 5-inch phone's 4:3 aspect ratio, LG is now out with its set of specifications for the Optimus Vu...