“Researchers have discovered a flaw in the latest version of Oracle’s Java runtime environment that attackers can exploit to remotely execute malicious code on end user machines.
The bug in the Java Web Start component has been confirmed exploitable on all recent versions of Windows by Tavis Ormandy, a security researcher who prefers his employer not be named. Fellow researcher Ruben Santamarta of Spain-based security firm Wintercore, said a related flaw potentially affects Linux users as well.”
Careful out there on the web, someone spiked the Java again
Source: The Register
Apparently it took a pair of independent researchers discovering and reporting a fairly nasty and very unpatched flaw in Java for Oracle to even consider breaking their normal patch cycle. The Register reports on a flaw in the commands that Java Web Start will accept, which can affect Windows- and Linux-based machines. Thankfully, not every machine will be vulnerable: an ActiveX control known as Java Deployment Toolkit and a Firefox plugin known as NPAPI are two ways this flaw can be exploited or shared. In the meantime, consider that one security researcher uninstalled Java a year ago and has still been surfing just fine.