ID :IRCNE2012091630
Date: 2012-09-29
According to CNet, it's just a proof of concept for now, but a newly revealed Java vulnerability could have very widespread repercussions.
Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. This error is caused by a discrepancy with how the Java virtual machine handles defined data types (a type-safety error) and in doing so violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java sandbox.
Security Explorations conducted tests on a fully patched Windows 7 machine, and was able to exploit the bug using the Java plugin in the latest versions of most popular browsers (Internet Explorer, Firefox, Chrome, Safari, and Opera). While the error was only tested on Windows 7 32-bit, being in Java means it is not limited to the Windows platform and will affect anyone with Java installed on their systems, be it Windows, Linux, Mac, or Solaris.
While this bug is more widespread than other recently found Java exploits, so far there is no concrete evidence of it being used in any malware exploits; however, it does stress the importance of reducing the number of active runtimes (code execution environments) on your system. If you do not need Java, then you might be best off uninstalling or disabling it. If you are unsure whether or not you need Java, then you might also remove it and then only reinstall it if any of your activities prompt you for a Java runtime requirement.
Related Topics:
New vulnerabilities found in Java
Oracle’s patch for Java 7 vulnerability
- 2