
Adam Gowdiak patches Java 0-day that Oracle is too slow to fix


Polish firm Security Explorations and its CEO Adam Gowdiak continue to be a thorn in Oracle's side by repeatedly questioning the giant's decision not to issue an out-of-band patch for a critical flaw in Java SE (Standard Edition) 5, 6 and 7.

According to their research, the vulnerability could allow attackers to bypass the security sandbox in those three versions of Java, which are currently installed on nearly a billion machines around the world.

The flaw was reported by the firm a few weeks before the scheduled October 16 Java Critical Patch Update but, according to Oracle, creating a patch for it and testing it would have seriously delayed the update, so Oracle chose to leave it for the next one, which is scheduled for February 2013.