
Flaw Found In The Last 8 Years Of Java


45 replies to this topic

#1 +warwagon

    Only you can prevent forest fires.

  • 26,547 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 29 September 2012 - 17:48

Flaw Found In The Last 8 Years Of Java


Have you disabled or removed Java yet?

In what’s becoming a bit of a broken record of a story, researchers have found yet another flaw in Java which allows hackers to completely bypass security measures built in to the software. What’s worse, this new flaw affects the last 8 years’ worth of Oracle’s Java software, versions 5 through 7, placing more than one billion users in danger of an attack.

When these exploits were first pointed out, several security experts began to suggest disabling the software until a patch was shipped. Now, several of these experts are simply suggesting removing the software altogether.

In an interview yesterday with Computer World’s Darlene Storm, Security Explorations’ CEO Adam Gowdiak confirmed this new critical zero-day exploit. “This is a completely new issue,” said Gowdiak.

“It has however bigger impact than any previous issue we found as part of our Java security research project as it affects Java 5, 6 and 7. Most of our previous findings were primarily affecting Java version 7.”

Gowdiak and his team at Security Explorations also said they were able to take advantage of this exploit on a fully patched, 32-bit Windows 7 machine in Chrome, Firefox, Internet Explorer, Opera and Safari. It’s not just these 32-bit Windows 7 machines which are vulnerable, says Gowdiak, as any computer running Java 5, 6 or 7 is vulnerable to this exploit; yes, even Macs.

Gowdiak’s Security Explorations has developed quite the knack for finding these kinds of Java exploits. So far, Gowdiak and team have discovered a whopping 50 Java flaws. Though they haven’t yet seen this exploit being used out in the wild, they did point out that it took Oracle 4 months to roll out a fix for their most recent zero-day exploit vulnerability.

Gowdiak and team alerted Java in April to the vulnerabilities in the software which left computers open to be controlled and manipulated by malware. In August, security researchers at FireEye found that these exploits were being used to install the PoisonIvy Backdoor trojan before being integrated into the BlackHole exploit kit, making it widely available on the Internet.

Gowdiak has said he’s alerted Oracle to this new flaw, as well as the “source and binary codes of our Proof of Concept code demonstrating a complete Java security sandbox bypass in the environment of Java SE 5, 6, and 7.”


redOrbit (http://s.tt/1oqTg)

http://www.redorbit....-coming-092612/


#2 +Boo Berry

    Neowinian Ghost

  • 3,910 posts
  • Joined: 26-March 05
  • Location: United States

Posted 29 September 2012 - 17:58

Haven't had Java installed for years now, good riddance!

#3 TPreston

    Neowinian Senior

  • 2,601 posts
  • Joined: 18-July 12
  • Location: Ireland
  • OS: Windows 8.1 Enterprise & Server 2012R2/08R2 Datacenter
  • Phone: Nokia Lumia 1520

Posted 29 September 2012 - 18:14

The only reason I keep it around is because Cisco insists on using it for their tools. There's a word for that... Idiocy

#4 Obi-Wan Kenobi

    "You were the chosen one!"

  • 2,747 posts
  • Joined: 11-November 02
  • Location: West-Central Texas

Posted 29 September 2012 - 18:16

Haven't installed it on my laptop since my last format, and to be honest, haven't needed it for anything. :/

#5 +Brando212

    Neowinian Senior

  • 6,760 posts
  • Joined: 15-April 10
  • Location: Omaha, NE
  • OS: Windows 8.1
  • Phone: Sony Xperia ZL, Nokia Lumia 925

Posted 29 September 2012 - 18:19

The only reason I have it installed is for Minecraft. I don't use it for anything else and I have the Java applet disabled in my web browsers.

#6 Ryano121

    Neowinian

  • 162 posts
  • Joined: 07-August 10

Posted 29 September 2012 - 18:21

Not that easy to remove when you use it everyday at work...

#7 +SharpGreen

    Now with built-in BS detector.

  • 2,386 posts
  • Joined: 20-August 04
  • Location: North Carolina
  • OS: Ubuntu 14.04, 12.04 and Windows 8.1
  • Phone: Galaxy Nexus

Posted 29 September 2012 - 18:36

Yea I can't get rid of it as I do enjoy playing minecraft and writing Android apps.

#8 vcfan

    Doing the Humpty Dance

  • 5,071 posts
  • Joined: 12-June 11

Posted 29 September 2012 - 18:41

****in java needs to die. worst thing to happen to computing.

#9 thatguyandrew1992

    Neowinian Senior

  • 2,319 posts
  • Joined: 22-January 09

Posted 29 September 2012 - 18:57

My software is made with Java! PLEASE DONT HATE JAVA!

#10 Denis W.

    The True North!

  • 16,362 posts
  • Joined: 06-March 05
  • Location: Toronto, Ontario [CA]
  • OS: Windows 8.1 Pro and OS X Mavericks
  • Phone: iPhone 4S

Posted 29 September 2012 - 18:57

'tis too bad, the language itself isn't that bad. But when most of your daily tools at work are built on Eclipse you can't drop Java just yet :p

#11 .Neo

    Generic User

  • 17,515 posts
  • Joined: 14-September 05
  • OS: OS X Yosemite
  • Phone: iPhone 5s

Posted 29 September 2012 - 19:10

Discovering just now Java is far from perfect definitely rocked my world.

#12 Dot Matrix

    Neowinian Senior

  • 10,967 posts
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 29 September 2012 - 19:44

My software is made with Java! PLEASE DONT HATE JAVA!


It's kinda hard not to. It's slow, riddled with bugs and holes, and has nothing on newer tech. Java should have died a long time ago.

#13 Glassed Silver

    ☆♡Neowin's portion of Crazy♡☆

  • 10,729 posts
  • Joined: 10-June 04
  • Location: MY CATFORT in Kassel, Germany
  • OS: OS X ML; W7; Elementary; Android 4
  • Phone: iPhone 5 64GB Black (6.0.2)

Posted 29 September 2012 - 19:48

My software is made with Java! PLEASE DONT HATE JAVA!

I feel for your userbase. (no offense)

I need it, too.
Minecraft, Adobe and a handful of other applications (less used though).

Glassed Silver

#14 Aethec

    Neowinian Senior

  • 2,218 posts
  • Joined: 02-May 10

Posted 29 September 2012 - 19:50

My software is made with Java! PLEASE DONT HATE JAVA!

Use a better language :p

#15 thealexweb

    Neowinian Senior

  • 7,314 posts
  • Joined: 23-September 07
  • Location: United Kingdom

Posted 29 September 2012 - 19:56

I would uninstall Java, but Minecraft is worth having it installed :)