Bug makes Java's latest anti-exploit defenses moot, claims researcher
January 28, 2013
Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday.
The news came in the aftermath of several embarrassing "zero-day" vulnerabilities, and a recent commitment by the head of Java security that his team would fix bugs in the software.
The Java security provisions that can be circumvented were introduced last December with Java 7 Update 10, and let users decide which Java applets are allowed to run within their browsers. The most stringent of the four settings is supposed to block any applet not signed with a valid digital certificate. Other settings freely allow most unsigned applets, execute unsigned applets only if Java itself is up to date, or display a warning before unsigned applets are allowed to run.
But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker.
Link: http://www.computerworld.com/s/article/9236255/New_bug_makes_moot_Java_s_latest_anti_exploit_defenses_claims_researcher