- dotTech - http://dottech.org -
This is getting old: New zero-day vulnerabilities found in latest versions of Java, including Java 7 Update 15
Posted By Ashraf On February 26, 2013 @ 10:31 AM In Linux,Mac OS X,Windows | 50 Comments
Still have Java  installed on your computer or enabled in your browser? Then you should know new vulnerabilities have been discovered in the latest versions of Java. Again.
The current latest version of Java is Java 7 Update 15, which includes the most recent patch Oracle issues on February 19. According to Security Explorations, a Poland-based security company that has been discovering Java vulnerabilities faster than Oracle can patch them, Java 7 Update 15 has two previously undiscovered vulnerabilities that, once combined together and exploited, allows scumbags to bypass Java’s security sandbox and take control of and/or infect computers.
These two vulnerabilities, identified as Issue 54 and Issue 55, affect not only the latest version but all of Java 7. However, it doesn’t appear to affect earlier versions of Java. It is unknown if these vulnerabilities are Windows-only or affect Mac OS X and Linux, too.
The next regular Java update by Oracle that could potentially fix these issues is scheduled for April 16. So unless Oracle issues another irregular patch (which will only happen if these vulnerabilities are discovered in in-the-wild attacks), these vulnerabilities are going to stay unpatched for over a month.This is particularly worrisome when considering recent hacks  of major corporations, e.g. Facebook, Apple, and Microsoft, were conducted by exploiting Java.
Article printed from dotTech: http://dottech.org
URL to article: http://dottech.org/98565/this-is-getting-old-new-zero-day-vulnerabilities-found-in-latest-versions-of-java-java-7-update-15/
URLs in this post:
 Image: http://dottech.org/wp-content/uploads/2013/02/not_again.jpg
 Java: http://dottech.org/tag/java
 recent hacks: http://dottech.org/tag/web-security
 uninstall Java completely: http://dottech.org/78080/how-to-remove-java-from-windows-guide/
 disable it in your browser: http://dottech.org/78082/how-to-uninstall-remove-java-from-firefox-chrome-internet-explorer-opera/
 Softpedia: http://news.softpedia.com/news/Zero-Day-Vulnerability-Affecting-Java-7-Update-15-and-Earlier-Versions-Identified-332157.shtml
 Security Explorations: http://www.security-explorations.com/en/SE-2012-01-status.html
 Justin Kraemer: http://www.flickr.com/photos/justinkraemer/3169504040/
© 2008-2012 dotTech.org | All content is the property of its rightful owner.