Monday, January 28, 2013

Java Just as Vulnerable as Before

Java Just as Vulnerable as Before:
DirtyCup
Security Explorations, a Polish security firm, has discovered a new vulnerability within the latest Java update that bypass the security measures put in place from the last big exploit.
According to The Next Web, this attack in conjunction with two other vulnerabilities make machines just as vulnerable as they have been for some time now.
Security Explorations CEO had this to say on a Full Disclosure post:
What we found out and what is a subject of a new security vulnerability (Issue 53) is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings described above. Our Proof of Concept code that illustrates Issue 53 has been successfully executed in the environment of latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) under Windows 7 OS and with “Very High” Java Control Panel security settings.
That said, recently made security “improvements” to Java SE 7 software don’t prevent silent exploits at all. Users that require Java content in the web browser need to rely on a Click to Play technology implemented by several web browser vendors in order to mitigate the risk of a silent Java Plugin exploit.

No comments:

Post a Comment