New Java bug can give an attacker complete control of a PC
The curious thing is that the update was released yesterday by Oracle to stop a series of attacks they installed malware on users’ computers, using another Security flaw in the software, widely used. After some research, it was discovered that Oracle knew of this problem since last April, four months before the exploits are detected. Oracle has not explained why it took so long to release a patch.
Security Explorations, a Polish security company, found that the latest Java 7 Update 7 has a vulnerability that, combined with other available before, would bypass the Java sandbox and take control of a PC. The company reported the problem to Oracle.
Security Explorations has not released many details about the failure to prevent criminal use it to launch attacks.
A root of this problem and those presented before this patch, many security experts have called for people to uninstall Java from your computer. This option is possible because many programs work without Java, although some others may stop operating.
Link: Critical bug in newest Java Gives attackers complete control of PCs (ArsTechnica)Tags: Java, Oracle, Patch, Security, vulnerability