Jump to content

Java 7 vulnerability opens door to 10-year-old attack


ShyWriter

Recommended Posts

.
Java 7 vulnerability opens door to 10-year-old attack

The vulnerability allows attackers to bypass the Java security sandbox, researchers from Security Explorations said

 

By Lucian Constantin
July 18, 2013 03:08 PM ET


IDG News Service - Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.

 

The vulnerability was reported Thursday to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.

 

According to Gowdiak, the vulnerability is located in the Reflection API (application programming interface), a feature that was introduced in Java 7 and which has been the source of many critical Java vulnerabilities so far. Security Explorations confirmed that its PoC exploit code works against Java SE 7 Update 25 and earlier versions, he said.

 

The new issue identified by Security Explorations can allow hackers to implement a "classic" attack that has been known for at least 10 years, Gowdiak said.

 

This kind of attack used to affect the Java virtual machine.. (More...)

 

Continue at: https://www.computerworld.com/s/article/9240895/Java_7_vulnerability_opens_door_to_10_year_old_attack

 

Steve

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.