1

Yet another Java flaw allows “complete” bypass of security sandbox

view story
linux-howto

http://forums.fedoraforum.org – http://arstechnica.com/security/2012...urity-sandbox/ Quote: Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years worth of Java software. (HowTos)

nicelinux's picture
Submitted by nicelinux on 09/26/2012

Stories similar to Yet another Java flaw allows “complete” bypass of security sandbox

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security flaw in Java SE 7 letting attackers take complete control of PCs.

1.

http://www.theregister.co.uk/2012/08...w_about_flaws/

closed source for corruption! microshaft, now oracle!

Quote:

The critical Java vulnerabilities that have security experts cautioning users to disable Java in their browsers are not new discoveries, a security firm claims.

Java 7 update 11 security hole 21 weeks 3 hours ago

Dear All,According following report, we know the java 7 update 7 exist critical security hole.http://news.techworld.com/security/3421 … searchers/I'm wonder is that hole also exist on openjdk?

dlin https://bbs.archlinux.org/profile.php?id=4446

2013-01-22T00:45:36Z

First off, I know nothing about security so I don't know anything about the nature of this security risk that everyone is talking about. My question is as Ubuntu users, is there something specific we should do prevent any damage to our computers? :confused:

I've Googled around and everyone's knee-jerk response has been to remove Java. Okay. What parts? The runtime environment? The JDK?

https://www.networkworld.com/news/20...rk-265923.html

http://www.springsource.org/spring-framework

Quote:

There's a major flaw in the Java-based Spring Framework open-source development code that allows remote-code execution by attackers against applications built with it, according to the security firm which identified the flaw.

I updated my Ubuntu 10.04 system yesterday, and because I have /etc under git control it tells me this file changed: /etc/java-6-openjdk/security/java.security

As it says "security", and I am not a java specialist, a little red flag went up.

Two lines changed, with the before/after shown below.

IBM Java 5 security update 3 years 22 weeks ago

IBM Java 5 security update

12 Jan 2010

More...

I am trying to use Spongy Castle (v1.47) to create a PKCS10 Certification Request. Spongy Castle behaves exactly the same way as Bouncy Castle, but is more suited to port on Android.