Saturday, January 12, 2013

Alert: Oracle Java 7 Security Manager Bypass Vulnerability

A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate website and upload a malicious Java applet (a "drive-by download" attack).

Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.

Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.

Source: http://www.us-cert.gov/cas/techalerts/TA13-010A.html

Oracle Java 7 Security Manager Bypass Vulnerability


Further technical details are available in Vulnerability Note VU#625617.

Vulnerability Note VU#625617: Java 7 fails to restrict access to privileged code


To disable Java in the browser, read:

