Java hit by yet another dangerous vulnerability

Posted on Wednesday, September 26 2012 @ 18:52 CEST by Thomas De Maesschalck
Less than a month ago Oracle patched a dangerous Java security bug, but now the plug-in is hit by yet another critical vulnerability. The newly discovered zero-day bug affects Java 5, 6 and 7, across all browsers and operating systems. Further information about the bug can be read at ComputerWorld.
You disclosed that the bug allows attackers to violate a fundamental security constraint of a Java Virtual Machine (type safety). What could an attacker do by exploiting the newest Java vulnerability?

Gowdiak: A malicious Java applet or application exploiting this new issue could run unrestricted in the context of a target Java process such as a web browser application. An attacker could then install programs, view, change, or delete data with the privileges of a logged-on user.
The new bug is more dangerous than the last one. To protect yourself against attacks, it's best to disable the Java plug-in until Oracle issues a patch.

