Why fixing the Java flaw will take so long

“By now you’ve heard about the latest, very serious problem with Oracle’s Java runtime,” Simon Phipps reports for InfoWorld. “You may also have heard that it could take a very long time to fix.”

“Here’s why: The flaw uncovered by security researchers last week devolves not to one issue, but to a series of issues, one knocking into the other like dominoes,” Phipps reports. “Oracle has fixed one of the dominos with a patch, but there are likely to be other ways to tip over the entire row.”

Much more in the full article here.

Related articles:
How to kill Java dead, dead, dead; this outdated tech must be exterminated – January 15, 2013
Java 7 update 11 security patch fixes nothing; users advised to disable Java – January 14, 2013
Oracle releases Java Version 7 Update 11 – January 14, 2013
Oracle Corp to fix Java security flaw ‘shortly’ – January 12, 2013
Apple blocks OS X Java 7 plug-in as U.S. Department of Homeland Security warns of zero day threat – January 11, 2013
Apple makes OS X even more secure for Mac users by removing Java – October 19, 2012
Apple uninstalls Java applet plug-in from all web browsers – October 17, 2012
New zero-day Java exploit puts 1 billion PCs and Macs running OS X 10.6 or earlier at risk – September 26, 2012
Warning: New Java trojan targets Apple’s OS X along with Windows, Linux – July 11, 2012
Apple releases Java Update to remove Flashback trojan – April 12, 2012
OS X trojan variant preys on Mac users with unpatched Java – February 27, 2012
Jobs: Having Oracle, not Apple, release timely Java updates better for Mac users – October 22, 2010
Apple deprecates its release of Java for Mac OS X – October 21, 2010

5 Comments

  1. Wow, all those companies running Oracle ERP systems, that run on Java, are now so vulnerable??? Will public companies have to make disclosures under Sarbanes-Oxley related to internal control weaknesses associated with Oracle ERP systems incorporating Java?

  2. What’s amazing is that it appears that either Sun and/or Oracle broke the original design rules of Java sandboxing that should have prevented this from happening in the first place. I recall reading an in-depth article years ago explaining the difference between Java and the notoriously vulnerable ActiveX. Sandboxing was a critical component to assure security. That this was breached is inexcusable.
