Five new Java SE 7 flaws spotted

A Polish security firm reported yesterday that it had discovered five new vulnerabilities in Oracle Corp.’s popular Java software.
The new security flaws can potentially be used by attackers to bypass Java’s sandbox and install malware, according to Security Explorations, a security and vulnerability research firm.
 
“The five new security flaws were discovered in Java SE 7 (numbered 56 to 60), which when combined together can be successfully used to gain complete Java security sandbox bypass in the environment of Java SE 7 Update 15,” Adam Gowdiak, CEO of Security Explorations, wrote in a blog post on the security news site SecureList.Org.

Two of the items Security Explorations found could affect Java SE 6 as well, he said.

“The attack breaks a couple of security checks introduced to Java SE by Oracle over the recent months,” Gowdiak added. “It also exploits code fragments that were missing proper security checks corresponding to the very mirror code.”

The discovery of the latest five vulnerabilities comes just a week after Security Explorations reported two other flaws in Oracle’s plug-in used to run Java applications in a browser.

Earlier, Oracle announced that it was speeding up its Java patch process particularly to address security issues regarding the Java Runtime Environment in desktop browsers.

In recent weeks, security experts have expressed concerns about Oracle’s ability to keep its software safe from attacks following a string of Java patch problems.

Early in February, the United States Department of Homeland Security even urged computer administrators and users to disable Java plug-ins in the browser because of a major vulnerability in the software.

Oracle immediately issued an emergency security update to Java 7. That emergency patch, however, failed to address two new vulnerabilities which could enable attackers to execute arbitrary code on computers.

Read the SecList.Org blog here
