Researchers Find More Zero-Day Vulnerabilities in Java

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Security Explorations researchers recently uncovered two new security flaws in Java.

"Oracle has been provided with the details of the newly uncovered bugs, but so far, it has only confirmed receiving the information," writes Softpedia's Eduard Kovacs. "Most likely, the company will confirm the existence of the flaws in the upcoming days."

"Security Explorations CEO Adam Gowdiak told Softpedia that it tested the flaw in the original release of Java 7, as well as in Java 7 Updates 11 and 15," writes Ars Technica's Jon Brodkin. "Java 7 Update 15 is the latest version released last week. 'When combined, the flaws can be leveraged to achieve a complete bypass of the Java security sandbox,' Softpedia wrote."

"The new vulnerabilities affect only Java 7, said Gowdiak ... Java 6, which Oracle has officially retired from support, does not contain the bugs," writes Computerworld's Gregg Keizer. "Java has faced an increasing number of 'zero-day' vulnerabilities, bugs that are exploited by criminals before those flaws are patched, or even known by the vendor. Oracle has been forced to rush out patches twice this year to close those holes."

"Many people who have Java enabled in their browser simply do not need it (by the way, don't mix up Java with JavaScript -- they're different things), so the best solution for many folks is to rip Java out of their browser entirely," writes Sophos' Graham Cluley. "If you don't need Java, why put yourself at risk?"