Java security under Oracle is leaking
Security issues in this software have become a permanent problem for Oracle. Since the acquisition, Java has been a headache for both the company and its users, with many security problems that the company has not been able to solve.
On this occasion, a group of researchers has found that the security flaw cataloged as CVE-2013-5838, which was discovered in June 2013, is still exploitable. The same security experts who alerted the company reproduced the scenario in which they found the vulnerability to check whether it had been resolved, and got an unpleasant surprise. Since so much time has passed, recall that the vulnerability directly affected the sandbox, allowing web applications running inside it to escape its limits and gain privileges on the system to perform certain tasks, such as unauthorized software installation.
As many of you already know, sandboxes complement security tools: they let applications run in a safe environment so that the modifications or operations they perform do not affect the system. Hence the importance of this vulnerability.
To solve the problem, Oracle published Java SE 7 Update 40 in October of that same year. However, almost three years after the exploits were detected, they still work.
The company believes that the problem does not exist
One of the experts behind the discovery says that the company believes the problem is solved, and that there has been no contact between them since it was first reported.
For successful exploitation, only Java's Click2Play feature has to be bypassed. That feature is responsible for ensuring that applets do not run with total freedom on the system.
Java security puts Oracle to shame
While Sun Microsystems was responsible for this software, security experts agree that security was much better, or at least that the people behind it took it seriously. With the arrival of Oracle the problems appeared, and after so many years the company has still not found the right answer. Many accuse it of almost abandoning the software in terms of security.