A patch for a critical 2013 Java vulnerability is incomplete, and exposes Java servers and clients to a sandbox bypass, researchers at Security Explorations of Poland said.
Tag Archives: Java Security
Oracle Settles with FTC Over ‘Deceptive’ Java Security Updates
Oracle will be required to provide users with a mechanism to uninstall older and vulnerable versions of Java, following a settlement with the Federal Trade Commission.
Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes
Researchers at Security Explorations say a change implemented by Google to the Java security model as its implemented in the Google App Engine leads to sandbox escapes.
Oracle Patches Backdoor Vulnerability, Recommends Disabling SSL
Oracle’s January 2015 Critical Patch update includes a fix for a backdoor found in the Oracle E-Business Suite by researcher David Litchfield. The patch is among 169 released in the CPU.
Java Reflection API Woes Resurface in Latest Oracle Patches
Oracle’s Critical Patch update addresses 154 vulnerabilities, many of which are remotely exploitable. Security Explorations of Poland, meanwhile, published details on a number of Java flaws in the Java Reflection API.