Dangerous Java flaw threatens virtually everything

Lee · #1 (**permalink**) 07-14-2007, 08:57 AM

Quote:

Google's Security team has discovered vulnerabilities in the Sun Java Runtime Environment that threatens the security of all platforms, browsers and even mobile devices.

"This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking.

"It’s a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia.

Australia's Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk.

"Delivery of exploits in this manner is attractive to attackers because even though the browser may be fully patched, some people neglect to also patch programs invoked by browsers to render specific types of content," said Lowe.

According to Gatford, the bugs threaten pretty much every modern device.

"Java runs on everything: cell phones, PDAs, and PCs. This is the problem when you have a vulnerability in something so modular--it affects so many different devices.

"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," said Gatford.

Pure Hacking’s Gatford said the problem is compounded by the slim chance of an enterprise patching Java Runtime vulnerabilities.

"It would be an extremely difficult and laborious process for an organization trying to patch Java Runtime across the enterprise," he said.

source: Dangerous Java flaw threatens virtually everything - Security - News - ZDNet Asia

I just came accross this and i am very shocked to here of something like this, it sounds like Java is going to need a big big patch? Do you think this means the future is down hill for Java? Will other languages replace it?

I personally think they will find a way to patch this, it may put a dent in there reputation but i am thinking it will come through strong as i know now its favoured a lot in the industry, but that's my thought, I'm not a Java geek or anything so maybe you all have some different opinions?

HelloWorld · #2 (**permalink**) 07-14-2007, 12:08 PM

I think Java just did an update a while back ago about 2 - 3 days ago, hopefully this problem is fixed, if not, then fight back! programmers!!!

Lee · #3 (**permalink**) 07-14-2007, 12:10 PM

I belive this news only came out 2 days ago, and yes i had an update about 3-4 days ago, i like the new little logo its got lol

HelloWorld · #4 (**permalink**) 07-14-2007, 12:18 PM

Quote:

Originally Posted by Lee

I belive this news only came out 2 days ago, and yes i had an update about 3-4 days ago, i like the new little logo its got lol

LOL! Does the News say anything about when is this vulnerabilities founded? Because it may be the news published later, because you know if there's a vulnerabilities, I'm sure that they're NOT suppose to publish it to let everybody know. Java must update first, then publish the news

Lee · #5 (**permalink**) 07-14-2007, 01:49 PM

Quote:

Originally Posted by HelloWorld

LOL! Does the News say anything about when is this vulnerabilities founded? Because it may be the news published later, because you know if there's a vulnerabilities, I'm sure that they're NOT suppose to publish it to let everybody know. Java must update first, then publish the news

Yes i think that maybe the case but considering how it was so big they did well to fix it by now.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode