View Single Post
Old 04-10-12, 15:50   #1
Ladybbird
 
Ladybbird's Avatar
 
Join Date: Feb 2011
Posts: 47,368
Thanks: 27,593
Thanked 14,456 Times in 10,262 Posts
Ladybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond reputeLadybbird has a reputation beyond repute

Awards Showcase
Best Admin Best Admin Gold Medal Gold Medal 
Total Awards: 8

Computers New Java Flaw Allows “Complete” Bypass of Security Sandbox

Yet another Java flaw allows “complete” bypass of security sandbox

Flaw in last three Java versions, 8 years worth, puts a billion users at risk.

by Ars Technica


Java gets exposed, yet again.

Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years worth of Java software.

“The impact of this issue is critical—we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6, and 7,” Adam Gowdiak of Security Explorations wrote, claiming the hole puts "one billion users" at risk.

Gowdiak wrote that Security Explorations successfully pulled off the exploit on a fully patched Windows 7 32-bit computer in Firefox, Chrome, Internet Explorer, Opera, and Safari. Although testing was limited to Windows 7 32-bit, Gowdiak told Computerworld that the flaw would be exploitable on any machine with Java 5, 6, or 7 enabled (whether it’s Windows 7 64-bit, Mac OS X, Linux, or Solaris).

The bug lets attackers violate the “type safety” security system in the Java Virtual Machine. “A malicious Java applet or application exploiting this new issue could run unrestricted in the context of a target Java process such as a Web browser application,” Gowdiak told Computerworld. “An attacker could then install programs, view, change, or delete data with the privileges of a logged-on user.”

Gowdiak and his team have found a total of 50 Java flaws. While this latest one apparently isn’t being exploited in the wild yet, another that was being exploited was patched by Oracle last month, reportedly four months after Oracle learned of the vulnerability.

Gowdiak reported today that he provided Oracle with a technical description of the latest flaw, as well as “source and binary codes of our Proof of Concept code demonstrating a complete Java security sandbox bypass in the environment of Java SE 5, 6, and 7.”
__________________
PUTIN TRUMP & Netanyahu Will Meet in HELL










TRUMP WARNS; 'There'll Be a Bloodbath If I Don't Get Elected'


PLEASE HELP THIS SITE..Click DONATE
& Thanks to ALL Members of ... 1..

THIS SITE IS MORE THAN JUST WAREZ...& TO STOP SPAM-IF YOU WANT TO POST, YOUR FIRST POST MUST BE IN WELCOMES
Ladybbird is online now   Reply With Quote