NEWS - September 26, 2012
by Carol~ - 9/26/12 6:37 AM
Yet another Java flaw allows "complete" bypass of security sandbox
"Flaw in last three Java versions, 8 years' worth, puts a billion users at risk."
Researchers have discovered a Java flaw that would let hackers bypass critical security measures in all recent versions of the software. The flaw was announced today by Security Explorations, the same team that recently found a security hole in Java SE 7 letting attackers take complete control of PCs. But this latest exploit affects Java SE 5, 6, and 7—the last eight years' worth of Java software.
"The impact of this issue is critical—we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6, and 7," Adam Gowdiak of Security Explorations wrote, claiming the hole puts "one billion users" at risk.
Gowdiak wrote that Security Explorations successfully pulled off the exploit on a fully patched Windows 7 32-bit computer in Firefox, Chrome, Internet Explorer, Opera, and Safari. Although testing was limited to Windows 7 32-bit, Gowdiak told Computerworld that the flaw would be exploitable on any machine with Java 5, 6, or 7 enabled (whether it's Windows 7 64-bit, Mac OS X, Linux, or Solaris).
Continued: http://arstechnica.com/security/2012/09/yet-another-java-flaw-allows-complete-bypass-of-security-sandbox/
Critical Java flaw affects nearly one billion users
One Billion Users Affected by Java Security Sandbox Bypass Vulnerability, Experts Say
Newly-Discovered Java Vulnerability Enables Bypass of Security Sandbox