Last Updated: 2013-01-19 22:27:27 UTC
by Guy Bruneau (Version: 1)
According to a posting yesterday by Adam Gowdiak of Security Explorations to Full Disclosure, Java 7 Update 11 (CVE-2013-0422) is still vulnerable as "[...] a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 (JRE version 1.7.0_11-b21)."
The MBeanInstantiator bug hasn't yet been addressed. Yesterday, Security Explorations reported two more vulnerabilities to Oracle, along with Proof of Concept code (issues 50 and 51).
We received several comments from our readers after the patch was released. How many of you have followed CERT's advice to disable Java content in your web browsers after updating to 7u11? Please take a minute to answer our poll: What is your main concern about Java?
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu