Java – “Just Another Vulnerability Again”

Well it is another day and another set of vulnerabilities within Java. It appears that Java is the vulnerability gift that keeps on giving. According to an article published by SC Magazine on September 25:

Polish vulnerability research firm Security Explorations, which has discovered a slew of Java bugs this year, said the latest flaw impacts Java SE versions 5, 6 and 7 running in all major web browsers – Firefox, Google Chrome, Internet Explorer, Opera and Safari.

Security Explorations notified Oracle of the vulnerability on Tuesday and also posted a message on BugTraq, a mailing list archive, the same day. Researchers are not aware of any attacks actively exploiting the flaw.

Adam Gowdiak, founder and CEO of Security Explorations, said in an email Tuesday to that the firm discovered the bug – which allows machines to be compromised through a complete Java security sandbox bypass – late last week

“A malicious Java applet or application exploiting [this bug] could run unrestricted in the context of a target Java process. such as a web browser application,” Gowdiak said. “An attacker could then install programs, view, change or delete data with the privileges of a logged-on user.”

With Java being so prevalent in Internet and enterprise back-end systems, such as Oracle, this continues to be a serious issue. It may be time to consider another development platform or get Oracle to get Java back on track…

Tagged , , , ,
%d bloggers like this: