Oracle releases Java SE 7

All topics about coding, designing, etc. goes in here.
User avatar
hamin_aus
Forum Moderator
Posts: 18363
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: Galax GTX1080
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder
Contact:

Re: Oracle releases Java SE 7

Post by hamin_aus »

Time to resurrect a classic thread...
www.theregister.co.uk wrote:Here we go again: Critical flaw found in just-patched Java

Security Explorations, the Polish security startup that discovered the Java SE 7 vulnerabilities that have been the targets of recent web-based exploits, has spotted a new flaw that affects the patched version of Java released this Thursday.

The company would not disclose specific details on the nature of the new vulnerability because it does not release such information to the public – a reasonable precaution.

However, Security Explorations founder and CEO Adam Gowdiak was able to confirm that the defect does affect Java SE 7 Update 7, which Oracle released this week as a rare out-of-band patch.

"The bug is related to some of our previous bugs reported to Oracle in April 2012 (and not yet patched) in such a way so that it allows to exploit them again," Gowdiak told El Reg in an email.

As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows an attacker to bypass the Java security sandbox completely, making it possible to install malware or execute malicious code on affected systems.

Unlike the earlier vulnerabilities, no known exploit of the new flaw has yet been found in the wild, but Gowdiak says he included proof-of-concept code with the report to demonstrate that an exploit is indeed possible.

Oracle has not acknowledged that the new vulnerability actually exists, but it has confirmed that it has received Security Explorations' vulnerability report and is analyzing it.

Assuming Oracle does agree that the flaw exists, however, when it will be patched is anybody's guess. The next scheduled Java Critical Patch Update (CPU) isn't due until October 16 – and when Oracle released its last Java CPU in June, it had only patched two of the 31 flaws Security Explorations reported in April.

Oracle could release another emergency patch as it did this week, but such occasions have been rare for the database giant. It may be reluctant to do so again, given that the new flaw isn't known to be under active attack.

That's likely to happen soon, though. Now that the black hat community knows that a vulnerability exists, creating an exploit will only be a matter of locating it.

For the time being, given the apparent similarity of this flaw to the ones previously reported, users are advised to either disable Java in their browsers or uninstall it completely to avoid falling prey to any future exploits.
How titillating!
Please explain one more time how Java is a great language
Image
User avatar
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00
Location: nullus pixius demonica
Contact:

Re: Oracle releases Java SE 7

Post by rustypup »

:lol: worst trollbait yet... also... the register? seriously?
Most people would sooner die than think; in fact, they do so - Bertrand Russel
KALSTER
Forum Moderator
Posts: 5439
Joined: 12 Oct 2008, 02:08

Re: Oracle releases Java SE 7

Post by KALSTER »

Malwarebytes FTW. :?
"It is the mark of an educated mind to be able to entertain a thought without accepting it." - Aristotle
Intel i5 2500; AsRock Z77 Extreme 4; Asus GTX580; 4x 2GB DDR3 1333; Intel 520 240GB SSD + 2x WD 3TB + 2TB Samsung; Samsung 22X DVD/RW; 23" LG W2343T-PF; Huntkey 700W
User avatar
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00
Location: nullus pixius demonica
Contact:

Re: Oracle releases Java SE 7

Post by rustypup »

KALSTER wrote:Malwarebytes FTW. :?
more likely "Not visiting dodgy sites/clicking on spam-mail links" FTW... because these sorts of exploits are present in all software.. productivity suite, browser, VM, OS... you name it...

drawing attention to it and advising that the only rational response is to uninstall the software is equivalent to pointing out a similar flaw in the OS and advising people to go back to using an abacus...

ie, complete fabricated idiocy designed to play to the common mouth-breather's delight in dramatic news...
Most people would sooner die than think; in fact, they do so - Bertrand Russel
User avatar
hamin_aus
Forum Moderator
Posts: 18363
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: Galax GTX1080
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder
Contact:

Re: Oracle releases Java SE 7

Post by hamin_aus »

Image
Image
KALSTER
Forum Moderator
Posts: 5439
Joined: 12 Oct 2008, 02:08

Re: Oracle releases Java SE 7

Post by KALSTER »

@Rusty:

I'll buy that. Office PC still on XP SP2 using MSE free edition and no problems at all. Home PC the same, but with Windows 7. Haven't actually used Malwarebytes for years. Had a rootkit problem last year though. Killed it with Combofix.
"It is the mark of an educated mind to be able to entertain a thought without accepting it." - Aristotle
Intel i5 2500; AsRock Z77 Extreme 4; Asus GTX580; 4x 2GB DDR3 1333; Intel 520 240GB SSD + 2x WD 3TB + 2TB Samsung; Samsung 22X DVD/RW; 23" LG W2343T-PF; Huntkey 700W
User avatar
hamin_aus
Forum Moderator
Posts: 18363
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: Galax GTX1080
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder
Contact:

Re: Oracle releases Java SE 7

Post by hamin_aus »

Gonna resume the Java criticisms because damn it, I hate Java... and EA...
au.ign.com wrote: Lucy Bradshaw (...EA senior vice president) made several statements implying that Maxis could not take SimCity offline, including once going so far as to say it was “not possible” to do. Maxis has since clarified that she intended to qualify that with statement “without a significant amount of engineering work,” as she did elsewhere on the same day. Those claims added fuel to the fire of angry customers, as a home-made offline-mode hack was already making the rounds.

The engineering work Bradshaw referred to, according to Buechner, was largely that Maxis had to completely rewrite much of the server code. Originally done in the Java programming language, it had to be redone in C++ in order to make it run locally on our PCs.
So to improve Sim City they are scrapping Java and rewriting the back end in C++

Going back and rereading this thread was a blast. Java fanbois...
Image
GDI_Lord
Forum Administrator
Posts: 2663
Joined: 05 Sep 2005, 02:00

Re: Oracle releases Java SE 7

Post by GDI_Lord »

Every time I drink a cup of coffee I turn to the IT guy and say, "I just installed the latest Java update."

I think I may or may not be off of his Christmas list. :-)
Important Thread: Yours in Christ's service,
GDI_Lord
Forum Administrator
Posts: 2663
Joined: 05 Sep 2005, 02:00

Re: Oracle releases Java SE 7

Post by GDI_Lord »

<sensationalism>
Oracle Shipping Java 8 In March With Known Bugs Intact - http://www.tomsitpro.com/articles/java- ... -1569.html
</sensationalism>
Important Thread: Yours in Christ's service,
User avatar
hamin_aus
Forum Moderator
Posts: 18363
Joined: 28 Aug 2003, 02:00
Processor: Intel i7 3770K
Motherboard: GA-Z77X-UP4 TH
Graphics card: Galax GTX1080
Memory: 32GB G.Skill Ripjaws
Location: Where beer does flow and men chunder
Contact:

Re: Oracle releases Java SE 7

Post by hamin_aus »

GDI_Lord wrote:Oracle Shipping Java 8 In March With Known Bugs Intact
Meet new Java.
Same as old Java.
Image
Post Reply