Exploits found in Java 7 Update 11 just Released to fix Zero-Days

Java Setup

Those that rushed to deploy the latest Java update to plug remote exploit vulnerability woes aren’t done yet. Looks like the exploit still exists in the new version and can be exploited by two new security vulnerabilities.

Security Explorations company founder and security researcher Adam Gowdiak released the warning today on Seclists.org Full Disclosure:

“We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 (JRE version 1.7.0_11-b21).

…As a result, two new security vulnerabilities were spotted in a recent version of Java SE 7 code and they were reported to Oracle today (along with a working Proof of Concept code).”

This is a serious concern as many companies need Java and can’t just simply “turn it off”. Hopefully another security update will be released soon.

~ by D. Dieterle on January 18, 2013.

One Response to “Exploits found in Java 7 Update 11 just Released to fix Zero-Days”

  1. This whole Java deal was, and is quite the scare. Thanks for sharing!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: