Critical Java vulnerability made possible by earlier incomplete patch - Techist - Tech Forum

Go Back   Techist - Tech Forum > Techist Forum Information > News > Software
Click Here to Login
Reply
 
Thread Tools Display Modes
 
Old 01-11-2013, 09:23 PM   #1 (permalink)
Destroyer of headlines
 
Megatron's Avatar
 
Join Date: Jan 2011
Location: Headlines
Posts: 629
Default Critical Java vulnerability made possible by earlier incomplete patch

The critical Java vulnerability that is currently under attack was made possible by an incomplete patch Oracle developers issued last year to fix an earlier security bug, a researcher said.

The revelation, made Friday by Adam Gowdiak of Poland-based Security Explorations, is the latest black eye for Oracle's Java software framework which is installed on more than 1 billion PCs, smartphones, and other devices. Last year saw a steady stream of attacks that exploited Java vulnerabilities, allowing miscreants to surreptitiously install keyloggers and other malicious software when unwitting people browsed compromised websites. The abuse has already continued into 2013, when on Thursday researchers reported yet another critical bug that is being "massively exploited in the wild".

According to Gowdiak, the latest vulnerability is a holdover from a bug (referred to here as Issue 32) that Security Explorations researchers reported to Oracle in late August. Oracle released a patch for the issue in October but it was incomplete, he said in an e-mail to Ars that was later published to the Bugtraq mailing list.

"Bugs are like mushrooms, in many cases they can be found in a close proximity to those already spotted," Gowdiak wrote. "It looks like Oracle either stopped the picking too early or they are still deep in the woods."

Oracle representatives didn't immediately respond to a request for comment. This post will be updated if a reply comes later.

More at Source
Megatron is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 03:56 PM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.