3 Billion Devices Run (Vulnerable) Java

Sep. 26th, 2012 12:55 pm
wizzard: (Default)
[personal profile] wizzard
The newly discovered bug is special for several reasons. This
is our "anniversary" finding (Issue number 50). We discovered
it exclusively for JavaOne 2012 [1]. Finally, the bug allows
to violate a fundamental security constraint of a Java Virtual
Machine (type safety).

The following Java SE versions were verified to be vulnerable:
- Java SE 5 Update 22 (build 1.5.0_22-b03)
- Java SE 6 Update 35 (build 1.6.0_35-b10)
- Java SE 7 Update 7  (build 1.7.0_07-b10)

All tests were successfully conducted in the environment of a
fully patched Windows 7 32-bit system and with the following
web browser applications:
- Firefox 15.0.1
- Google Chrome 21.0.1180.89
- Internet Explorer 9.0.8112.16421 (update 9.0.10)
- Opera 12.02 (build 1578)
- Safari 5.1.7 (7534.57.2)


http://seclists.org/fulldisclosure/2012/Sep/170 it's official :)
Tags:
  • Add Memory
  • Share This Entry
(will be screened)
(will be screened if not validated)
If you don't have an account you can create one now.
HTML doesn't work in the subject.
More info about formatting

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org

 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Profile

wizzard: (Default)
wizzard

January 2019

S M T W T F S
  12 345
6789101112
1314 1516171819
202122 23242526
2728293031  

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Mar. 6th, 2026 02:00 pm
Powered by Dreamwidth Studios