August 31, 2012

Déjà vu? Oracle may be dealing with another Java exploit

Oracle soon may have another Java version 7 unpatched exploit on its hands.

Hours after the company that maintains Java released a much-anticipated patch for a widespread malware attack, Polish research outfit Security Explorations said it discovered a new vulnerability in the software platform.

This bug, combined with previous flaws that it has reported to Oracle -- but which have so far gone unfixed -- could lead to a "complete JVM (Java Virtual machine) sandbox bypass in the environment of [the] latest Java SE (Standard Edition) software," Adam Gowdiak, the founder and CEO of Security Explorations, wrote in a Friday post to the Bugtraq mailing list.

His firm has delivered details of the vulnerability, along with a proof-of-concept, to Oracle. With the previous issue, exploit code leaked by someone, which enabled the attack to spread like wildfire.

Despite the patch from Oracle, most experts recommend that users permanently disable Java functionality in the browser. In fact, Microsoft, which makes the world's most heavily used browser, Internet Explorer, is developing a Fix-It tool to allow users to do just that.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

IT decision makers are more optimistic about breach detection than they should ...

A new McAfee study released Monday said organizations are overwhelmed by Big Data, yet appear to be overvaluing their ability to detect data breaches.

Trojan uses fake Adobe certificate to evade detection

The backdoor can steal data, create and delete files, and capture screenshots off a victim's computer.

The new update for Java will close 40 security vulnerabilities

The company is planning to fix the flaws Tuesday when it releases its latest Critical Patch Update for Java SE.