{"id":1291,"date":"2013-03-07T09:53:08","date_gmt":"2013-03-07T14:53:08","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=1291"},"modified":"2013-03-07T09:53:08","modified_gmt":"2013-03-07T14:53:08","slug":"five-new-flaws-found-in-the-latest-version-of-java","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/03\/07\/five-new-flaws-found-in-the-latest-version-of-java\/","title":{"rendered":"Five new flaws found in the latest version of Java"},"content":{"rendered":"<p>Five new flaws found in the latest version of Java<br \/>\nA week after disclosing two Java vulnerabilities, a Polish security firm reported finding five more in the latest version of Java. When used together, the new holes could bypass the technology&#8217;s sandbox in order to install malware.<br \/>\nSecurity Explorations notified Oracle Monday of the vulnerabilities in Java SE 7 Update 15. Along with details of the flaws, Security Explorations also supplied proof of concept code.<br \/>\nOracle did not respond to a request for comment.<br \/>\nSeparately, the flaws do not pose a security problem, the company said. However, when linked together, they can enable someone to bypass the Java&#8217;s anti-exploit sandbox technology. Security Explorations said it had not seen the vulnerabilities exploited in the wild.<br \/>\nThe latest vulnerability report follows a week after the same company reported two other holes in Oracle&#8217;s latest plug-in used to run Java applications in a browser.<br \/>\nOracle shipped Java SE 7 Update 15 on Feb. 19, bundling patches released Feb. 1 in an emergency update fixing five other flaws. The next regularly scheduled update is April 16.<br \/>\nThe latest discovery came after Oracle rejected one of the bugs Security Explorations reported Feb. 25. &#8220;It made us look into Java SE 7 code and its docs once again, gathering counterargument material,&#8221; Adam Gowdiak, chief executive of the company, said in a post on SecLists.org.<br \/>\nTwo of the vulnerabilities could also affect Java SE 6, Gowdiak said. &#8220;But since all of the issues need to be combined together to gain a successful Java SE security compromise, we treat it as affecting Java SE 7 only.&#8221;<br \/>\nFaster patches<br \/>\nIn releasing the Java SE 7 update this month, Oracle said that it would speed up its patching cycle for Java, which has suffered a significant number of exploitations in the wild through zero-day vulnerabilities. A zero-day flaw is one that has yet to be patched by the software vendor.<br \/>\n&#8220;Oracle&#8217;s intent is to continue to accelerate the release of Java fixes, particularly to help address the security worthiness of the Java Runtime Environment in desktop browsers,&#8221; Eric Maurice, Oracle&#8217;s director of software assurance, said in a blog post.<br \/>\nOracle had released Java updates every four months. Under the new schedule, it will ship updates every two months.<br \/>\nFor months, security experts have recommended that people disable Java in all browsers, since only a small number of websites still used the application platform. In those rare cases when Java is needed to run a specific application, experts recommend dedicating one browser for that single purpose.<br \/>\nvia <a href=\"http:\/\/www.pcworld.com\/article\/2030067\/five-new-flaws-found-in-the-latest-version-of-java.html\" target=\"_blank\">Five new flaws found in the latest version of Java | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Five new flaws found in the latest version of Java A week after disclosing two Java vulnerabilities, a Polish security [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[341,380,583],"class_list":["post-1291","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-exploit","tag-flaws","tag-java"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-kP","jetpack-related-posts":[{"id":8767,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/security-vulnerabilities-found-in-support-software-from-lenovo-toshiba-and-dell\/","url_meta":{"origin":1291,"position":0},"title":"Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Lucian Constantin | PCWorld The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":1291,"position":1},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8157,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/04\/29\/researcher-claims-that-attackers-can-easily-bypass-current-osx-security-tools\/","url_meta":{"origin":1291,"position":2},"title":"Researcher claims that attackers can easily bypass current OSX security tools","author":"NCCT","date":"April 29, 2015","format":false,"excerpt":"Most Mac users feel as though they are impenetrable to viruses and malicious software, but according to one researcher that is not the case. While Apple has its fair share if security measures in place, recent data has surfaced suggesting those tools are \u201ctrivial\u201d for any attacker to bypass. For\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5980,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/15\/future-java-7-security-patches-will-work-on-windows-xp-despite-end-of-official-support\/","url_meta":{"origin":1291,"position":3},"title":"Future Java 7 security patches will work on Windows XP despite end of official support","author":"NCCT","date":"July 15, 2014","format":false,"excerpt":"Oracle has dispelled rumors that the upcoming security update for Java 7 and those it will release in the future might not work on Windows XP. \u201cWe expect all versions of Java that were supported prior to the Microsoft de-support announcement to continue to work on Windows XP for the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8738,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/09\/surprise-adobes-flash-is-a-favorite-hacking-target-by-far\/","url_meta":{"origin":1291,"position":4},"title":"Surprise: Adobe&#8217;s Flash is a favorite hacking target by far","author":"NCCT","date":"November 9, 2015","format":false,"excerpt":"Jeremy Kirk | PCWorld Adobe Systems\u2019 Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers.It looked at more than 100 exploit kits, which are frameworks planted\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5659,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/06\/02\/flaws-in-popular-seo-plug-in-put-wordpress-websites-at-risk\/","url_meta":{"origin":1291,"position":5},"title":"Flaws in popular SEO plug-in put WordPress websites at risk","author":"NCCT","date":"June 2, 2014","format":false,"excerpt":"Many WordPress websites could be at risk of compromise if their administrators don\u2019t upgrade a popular search engine optimization (SEO) plug-in to a newly released version that fixes serious vulnerabilities. Researchers from Web security firm Sucuri found two flaws in a plug-in called \u201cAll in One SEO Pack\u201d that potentially\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/core5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/core5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/core5.staticworld.net\/images\/article\/2013\/04\/hacker_internet_web_attack-100033459-large.jpg?resize=525%2C300 1.5x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=1291"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/1291\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=1291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=1291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=1291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}