Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog



Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours

Published: 2012-08-31
Last Updated: 2012-08-31 18:13:32 UTC
by Russ McRee (Version: 1)
6 comment(s)

Polish security firm Security Explorations sent an advisory, with a proof-of-concept exploit, to Oracle today (Friday 31 AUG) regarding a vulnerability they discovered in the Java 7 security update released Thursday. This newly reported vulnerability can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system.
Stand by for more on this one; no word yet from Oracle regarding their remediation plans.

As Rapid7's Tod Beardsley has said: "As it happens, very few websites rely on Java for dynamic content. Java isn't relied on nearly as much as Javascript and Flash. Most people can disable their Java browser plugin and not really notice the difference."

What mitigations are you using to protect yourselves? Are you going so far as to disable Java altogether? Feedback welcome via comments.

See Scott's post from yesterday for the original advisory details.

Russ McRee | @holisticinfosec

 

 
