Latest Java Security Issue May Affect Your Mac Or PC

Kaustubh Katdare

@thebigk Oct 27, 2024
Adam Gowdiak of the 'Full Disclosure' mailing list has discovered a new Java security issue that's expected to affect millions of Windows and OS X machines. According to Gowdiak, who is the CEO of the Polish firm "Security Explorations", the vulnerability affects the latest versions of Oracle Java SE software, and you can't ignore it because the impact would be critical. Adam and his team were able to successfully exploit it to get a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7. The exploit lets hackers install malware on the affected system.

In his post, Gowdiak mentions that the bug is 'special' for them for several reasons. It's the team's anniversary finding (Issue #50) and is exclusive for JavaOne 2012. The bug allows violation of a fundamental security constraint of the Java Virtual Machine (JVM). The following Java Standard Edition releases were found vulnerable:

- Java Standard Edition 5 Update 22 (build 1.5.0_22-b03)
- Java Standard Edition 6 Update 35 (build 1.6.0_35-b10)
- Java Standard Edition 7 Update 7 (build 1.7.0_07-b10)

The technical details of the exploit have not been revealed publicly for obvious reasons, but Gowdiak claims that he's provided all the relevant details to Oracle. Oracle is reportedly working on the issue and has promised a patch, but no information is available on the patch release schedule. We'll of course keep you updated as we get more information.

Via: Full Disclosure: [SE-2012-01] Critical security issue affecting Java SE 5/6/7 (https://seclists.org/fulldisclosure/2012/Sep/170)
