• ARTICLES
SEARCH

How-To Geek

Hang on to Your Seats, Another new Security Hole has been Found in Java

If you were one of the people who promptly updated the Java installation on your system last week, then you probably felt like things should be in good shape for a bit. Guess again. As seems to be the pattern lately, another new security hole has already been found that affects all versions of Java 7 including the latest release.

The latest security hole was found in the Reflection API and affects all Java 7 (JRE 7) versions including last week’s 1.7.0_21-b11 release. An unusual aspect of the security hole is its presence in the JRE Plugin, JDK software, and Server JRE. The ability for the new exploit to wholly affect a system is dependent on the amount of access the user allows though.

From the Full Disclosure blog post: The new flaw was verified to affect all versions of Java SE 7 (including the recently released 1.7.0_21-b11). It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper user interaction (a user needs to accept the risk of executing a potentially malicious Java application when a security warning window is displayed).

You can read more about the latest security hole at the blog posts linked below…

Note: If you do not need Java on your system, we recommend uninstalling it entirely or disabling the browser plugin.

Links

[SE-2012-01] Yet another Reflection API flaw affecting Oracle’s Java SE [Full Disclosure Mailing List Archives - Seclists.org]

[via The H Security and Sophos Naked Security Blog]

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 04/24/13

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!