Latest Java Update To Fix Vulnerabilities Has Even More Vulnerabilities….. WTF?

You have to question how seriously Oracle takes security. They shipped a version of Java with vulnerabilities that were being actively exploited. They then came out with an update last Thursday that dealt with that. But now it seems that Oracle has new issues with Java:

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system.

Security Explorations sent a report about the vulnerability to Oracle on Friday together with a proof-of-concept exploit, Adam Gowdiak, the security company’s founder and CEO, said Friday via email.

The company doesn’t plan to release any technical details about the vulnerability publicly until Oracle addresses it, Gowdiak said.

This sucks. Given that Oracle had to rush out a patch to fix a major security issue with Java, you’d think they’d make sure that it was actually secure. This whole episode leaves me with the impression that Oracle doesn’t take security in the Java environment seriously. You can also safely bet that whatever issues Security Explorations found in Java, the bad guys are looking for as you read this. Not a good thing if you ask me.

So, how can you stay safe? In my case, I actually need Java, so I can’t uninstall it. But for the masses, you don’t need Java. Disable it until Oracle gets a fix released (which I hope is actually secure this time). But if I were you, I’d get rid of it to make your computer more secure, since Oracle can’t seem to get security right.
