DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
November 18, 2018 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 162 people online.

 

Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
 

Follow us
RSS
 

Oracle not patching critical Java bug until February

Posted on Thursday, October 18 2012 @ 17:02:37 CEST by


Java logo
Last month security researchers discovered a dangerous bug in Java that enables attackers to bypass the sandbox mode. Unfortunately, it seems a patch isn't coming anytime soon. Oracle usually patches Java security bugs on a quarterly base, the latest Java update arrived on Tuesday and while it included updates for 30 security bugs, the sandbox fix wasn't part of the update.

According to Adam Gowdiak of Polish security firm Security Explorations, Oracle confirmed to him that a patch won't be issued until February 19, 2013.
Gowdiak said he plans to present technical details on the flaw Nov. 14 at the Devoxx Java Community Conference in Belgium. His team did share a technical description of the issue and source and binary codes of proof-of-concept exploit code.

The vulnerability and exploit were announced in late September. Gowdiak’s exploit successfully beat a fully patched Windows 7 computer running Firefox 15.0.1, Chrome 21, Internet Explorer 9, Opera 12 and Safari 5.1.7. The exploit relies on a user landing on a site hosting the exploit; an attacker would use a malicious Java applet or banner ad to drop the malware and ultimately have full remote control of a compromised machine.
Pretty much the same thing happened in August, but then Oracle was forced to issue an out-of-cycle patch due to the severity of the vulnerability as well as widespread media coverage.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba