Polish researchers report a critical security hole in Java

It seems there is a new critical security hole we must be aware of. According to the Naked Security blog, the flaw is in Oracle’s Java software, and it is believed that it can be used to bypass Java’s security ‘sandbox’. The Java sandbox relies on three defense elements and, if any one of those three fails, the security model becomes completely compromised and vulnerable to attack.

The researchers who discovered this flaw work at ‘Security Explorations’, which is based in Poland. According to them, the vulnerability makes it possible to bypass the Java security sandbox completely and ‘allows the attacker to violate a fundamental security constraint of a Java Virtual Machine (JVM)’. Security experts also claim that those who know about this hole and know how to exploit it can easily take over the vulnerable system. They can launch an attack through a website or a banner by making victims click a malicious link in an email or an instant messenger, and upload malicious content to the affected system.

This vulnerability was rated ‘critical’ by the ‘Security Explorations’ team because it affects many versions of the Java Standard Edition software (the exploit has worked with Java Standard Edition versions 5, 6 and 7), including even the latest updates. Considering that over a billion devices run one of those versions, it is no wonder the rating is so high.

Source: http://nakedsecurity.sophos.com/

