A new vulnerability in Java

Looking at Sun’s take on it and Secunia’s links, there’s a fun little exploit in Java’s calendar objects that can allow a remote user to obtain escalated privileges, allowing them to read, write, and execute any files on your computer that you have access to. The interesting thing about this bug is that it doesn’t depend on memory being set up a certain way, which means it works reliably on a whole bunch of versions of Java, and in Mac, Windows, and *nix environments. You should update to the most recent version of Java to avoid this (see the Resolution section in the link to Sun above). Also, if you don’t use Java applets on the web, you might consider disabling Java in your browser (for Firefox, it’s under Edit > Preferences in the Content tab), so you don’t need to worry about this (programs that you download and run manually are much less likely to have exploits than programs you might automatically start running from visiting the wrong website).

Leave a Reply

One Comment

  1. sorethumb says:

    But I thought Java was the holy grail of software and programming protection!

    Very helpful post :O

Enable Javascript to Leave a Reply

Your browser has Javascript disabled right now. You must enable Javascript in order to leave a comment. This is done to prevent spam (most comment spam comes from bots that do not render Javascript correctly). If you need instructions for enabling Javascript, look here.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

 

You must wait 5 seconds after loading this page before you can submit a comment. This is done to reduce comment spam.