Sunday, 20 January 2013

Oracle's Java patch contains new holes, researchers warn

Researchers from Security Explorations, a Poland-based vulnerability research firm, claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software's security sandbox and execute arbitrary code on computers.

Oracle released Java 7 Update 11 last Sunday as an emergency security update in order to block a zero-day exploit used by cybercriminals to infect computers with malware.

Security Explorations successfully confirmed that a complete Java security sandbox bypass can be still be achieved under Java 7 Update 11 (JRE version 1.7.0_11-b21) by exploiting two new vulnerabilities discovered by the company's researchers, Adam Gowdiak, the company's founder, said Friday in a message sent to the Full Disclosure mailing list. The vulnerabilities were reported to Oracle on Friday, together with working proof-of-concept exploit code, he said.

According to Security Explorations' disclosure policy, technical details about the vulnerabilities will not be publicly disclosed until the vendor issues a patch.

To read this article in full or to leave a comment, please click here

Source: http://www.pcworld.com/article/2025797/oracles-java-patch-contains-new-holes-researchers-warn.html

FAIR ISAAC FACTSET RESEARCH SYSTEMS F5 NETWORKS EPICOR SOFTWARE EMULEX

No comments:

Post a Comment