A new vulnerability in Java
Looking at Sun’s take on it and Secunia’s links, there’s a fun little exploit in Java’s calendar objects that can allow a remote user to obtain escalated privileges, allowing them to read, write, and execute any files on your computer that you have access to. The interesting thing about this bug is that it doesn’t depend on memory being set up a certain way, which means it works reliably on a whole bunch of versions of Java, and in Mac, Windows, and *nix environments. You should update to the most recent version of Java to avoid this (see the Resolution section in the link to Sun above). Also, if you don’t use Java applets on the web, you might consider disabling Java in your browser (for Firefox, it’s under Edit > Preferences in the Content tab), so you don’t need to worry about this (programs that you download and run manually are much less likely to have exploits than programs you might automatically start running from visiting the wrong website).
But I thought Java was the holy grail of software and programming protection!
Very helpful post :O