Andrew said:
Oracle posted an updated version today (Aug 30).
Perhaps it resolved these vulnerabilities ... perhaps not!
Researchers find critical vulnerability in Java 7 patch hours after release
http://www.cio.com/article/715219/R...erability_in_Java_7_patch_hours_after_release
"Security researchers from Poland-based security firm Security
Explorations claim to have discovered a vulnerability in the Java 7
security update released Thursday that can be exploited to escape the
Java sandbox and execute arbitrary code on the underlying system.
Security Explorations sent a report about the vulnerability to Oracle on
Friday together with a proof-of-concept exploit, Adam Gowdiak, the
security company's founder and CEO, said Friday via email.
The company doesn't plan to release any technical details about the
vulnerability publicly until Oracle addresses it, Gowdiak said.
<snip>
Based on the experience of Security Explorations researchers with
hunting for Java vulnerabilities so far, Java 6 has better security than
Java 7. "Java 7 was surprisingly much easier for us to break," Gowdiak
said. "For Java 6, we didn't manage to achieve a full sandbox
compromise, except for the issue discovered in Apple Quicktime for Java
software."
Gowdiak has echoed what many security researchers have said before: If
you don't need Java, uninstall it from your system."
Ouch!
MowGreen
================
*-343-* FDNY
Never Forgotten
================