Category Archives: JAVA

Java for OS X 2012-006

On October 16, 2012 Apple released yet another Java update for OS X. This update is a security update to correct multiple vulnerabilities in Java. This update applies to Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion v10.8 or later. Specifically, the update addresses the following according to the Apple site:

Description: Multiple vulnerabilities exist in Java 1.6.0_35, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_37. Further information is available via the Java website at http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html

As usual, Java is a security concern. If you haven’t already done so, disable/uninstall Java unless you absolutely need it. In addition, make sure you update your Java if needed.

SOAP BOX: For Oracle, if Java is going to continue to be used…FIX IT…

Tagged , , , , , , , , , , , , , ,

Java – “Just Another Vulnerability Again”

Well it is another day and another set of vulnerabilities within Java. It appears that Java is the vulnerability gift that keeps on giving. According to an article published by SC Magazine on September 25:

Polish vulnerability research firm Security Explorations, which has discovered a slew of Java bugs this year, said the latest flaw impacts Java SE versions 5, 6 and 7 running in all major web browsers – Firefox, Google Chrome, Internet Explorer, Opera and Safari.

Security Explorations notified Oracle of the vulnerability on Tuesday and also posted a message on BugTraq, a mailing list archive, the same day. Researchers are not aware of any attacks actively exploiting the flaw.

Adam Gowdiak, founder and CEO of Security Explorations, said in an email Tuesday to SCMagazine.com that the firm discovered the bug – which allows machines to be compromised through a complete Java security sandbox bypass – late last week

“A malicious Java applet or application exploiting [this bug] could run unrestricted in the context of a target Java process. such as a web browser application,” Gowdiak said. “An attacker could then install programs, view, change or delete data with the privileges of a logged-on user.”

With Java being so prevalent in Internet and enterprise back-end systems, such as Oracle, this continues to be a serious issue. It may be time to consider another development platform or get Oracle to get Java back on track…

Tagged , , , ,
%d bloggers like this: