Home » Security » Windows Users Affects by Java Vulnerability

java

A new vulnerability in Java has been discovered.  The vulnerability allows an attacker to gain control of a victim’s computer. The researchers have confirmed that

  • Java SE 5 – Update 22 (Java SE 5 build 1.5.0_22-b03)
  • Java SE 6 – Update 35 (Java SE 6 build 1.6.0_35-b10 )
  • Java SE 7 Update 7 (Java SE 7 build 1.7.0_07-b10)

This vulnerability is caused by a discrepancy with how the Java virtual machine handles defined data types and in doing so violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java sandbox.

The flaw allows the attacker to gain complete control of a victim’s machine through a malicious website.  Affected web browsers are

  • Safari 5.1.7
  • Opera 12.02
  • Chrome 21.0.1180.89
  • Firefox 15.0.1
  • Internet Explorer 9.0.8112.16421

Even with fully patched Windows 7 32-bit operating systems you are susceptible to the attack.

So far there are no reports of the flaw being used in any malware.  I would take a few preventative steps

  • Reducing the number of active runtimes (code execution environments) on your system
  • If you do not need Java uninstalling or disable it

Oracle released a fix for the most critical vulnerabilities on August 30.  The last exploit would allow an attacker to use a malicious Java applet to install programs, or read and change data on the system with the privileges of the current user.

But now another flaw in that fix allows a hacker to bypass the patch. That bug in Oracle’s patch still hasn’t been patched, leaving users vulnerable to both the new flaw and the previous attack.  It’s not yet known when or if Oracle will fix this issue.  Oracle has been provided with a technical overview of the bug and example code outlining the flaw but has not yet acted upon it.

Comments

comments

Latest

Apple Watch Music Apps on the Apple Watch Series 3
hoverboard The Rise of the Hoverboard: Could They Replace Cars?
security camera How To Know If You Security Camera has Been Compromised?
Stand Up Stand Up App Review
Immoabroad Using Immoabroad To Travel

Tech Geek Today

Tech Geek Today

MonTueWedThuFriSatSun
      1
2345678
16171819202122
23242526272829
3031     
    123
45678910
11121314151617
18192021222324
252627282930 
       
 123456
78910111213
21222324252627
28293031   
       
      1
2345678
16171819202122
23242526272829
30      
   1234
567891011
12131415161718
262728293031 
       
   1234
567891011
12131415161718
19202122232425
262728    
       
1234567
891011121314
22232425262728
293031    
       
    123
45678910
11121314151617
18192021222324
25262728293031
       
  12345
6789101112
20212223242526
27282930   
       
      1
9101112131415
16171819202122
23242526272829
3031     
    123
45678910
11121314151617
252627282930 
       
 123456
78910111213
14151617181920
21222324252627
28293031   
       

Subscribe To The Technology Geek

Archives