Oracle recently came under criticism when a zero-day exploit was discovered in Java, one which we were told had been brought to Oracle’s notice months ago. Oracle broke its quarterly schedule to ship a patch for the exploit once the web became abuzz with it. However, that doesn’t mark the end of Oracle’s Java woes.
A security firm has revealed a new vulnerability that affects multiple versions of Java, and even the latest patch from Oracle does nothing to fix it. The flaw is related to the way Java handles data types, leaving a gaping hole that allows a complete bypass of the Java sandbox.
For now, the vulnerability is not being actively exploited. In fact, Security Explorations, the company that revealed the vulnerability, has only demonstrated it as a proof-of-concept. According to the company, it has warned Oracle about the flaw and is waiting for the company to respond.
Given the nature of the flaw, analysts believe that it affects nearly all Java users, putting close to 1 billion machines at imminent risk. According to Security Explorations, “We hope that a news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison’s morning…Java.” Oracle hasn’t officially responded to the news yet.