Yet Another New Java Zero Day Exploit Discovered

Clearly, the case for dumping Java is being made with all of these zero day exploits popping up. The latest one goes something like this:

The bug, which was publicly reported on the Full Disclosure security mailing list Tuesday by Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations, can be leveraged to hijack a machine equipped with Java, letting attackers install malware on the system.

Windows PCs and Macs are equally at risk if their users have installed Java, or in the case of OS X, are running 10.6, aka Snow Leopard, or earlier. Snow Leopard was the last edition where Apple bundled Java with the operating system.

All currently-support versions of Java, including Java 5, Java 6 and Java 7, contain the bug.

Well, that’s a #fail. There is a fix coming… We think:

The company also told him that the bug will be patched in a future Java security update, but that it did not name which. The next on Oracle’s quarterly schedule will ship Oct. 16.

The company in question is Oracle who is responsible for Java. One hopes that this fixes things. But seriously. Oracle has to get their stuff together as these security issues are getting sad.

Leave a Reply

%d bloggers like this: