Adam Gowdiak: New bug makes moot Java's latest anti-exploit defenses
Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday.
The news came in the aftermath of several embarrassing "zero-day" vulnerabilities, and a recent commitment by the head of Java security that his team would fix bugs in the software.
The Java security provisions that can be circumvented were introduced last December with Java 7 Update 10, and let users decide which Java applets are allowed to run within their browsers. The most stringent of the four settings is supposed to block any applet not signed with a valid digital certificate. Other settings freely allow most unsigned applets, execute unsigned applets only if Java itself is up to date, or display a warning before unsigned applets are allowed to run.
- Wed, 2013-04-24 06:25
- Fri, 2013-04-19 05:32
- Wed, 2013-04-17 14:38