28 Jan 2013, #1
Yet even MORE woes for Java...
New bug neutralizes latest Java security updates
Java's new security settings, designed to block drive-by browser attacks, can be bypassed by hackers, a researcher announced Sunday. The news came in the aftermath of several embarrassing zero-day vulnerabilities, and a recent commitment by the head of Java security that his team would fix bugs in the software.
The Java security provisions that can be circumvented were introduced last December with Java 7 Update 10 and let users decide which Java applets are allowed to run within their browsers. The most stringent of the four settings is supposed to block any applet not signed with a valid digital certificate. Other settings freely allow most unsigned applets, execute unsigned applets only if Java itself is up to date, or display a warning before unsigned applets are allowed to run.
His discovery makes moot -- in theory at least -- Oracle's latest security change. When it shipped an emergency update on Jan. 13 to quash two critical Java browser plug-in vulnerabilities, including one that was actively being exploited by cyber criminals, Oracle also automatically reset Java to the High security level. At that setting, Java notifies users before they can run unsigned applets.