Oracle's Java 7 Still Considered Unsafe
Oracle patches critical Java vulnerability. Last week, Oracle released a critical patch for Java addressing three different vulnerabilities that affect Java running in desktop browsers. Oracle as well as browser makers, including Mozilla, advised users to install the fix.
However, it appears that there are still open issues that the patch did not cover. Security firm Security Explorations has made waves by claiming that the fix issued for Java 6 and 7 now paves the way for another vulnerability. The company told Information Week that "there are still not-yet-addressed, serious security issues that affect the most recent version of Java 7." Apparently the issue would allow an attacker to bypass Java's sandbox.
Security Explorations considers the vulnerability critical enough to recommend that users disable Java for now. The problem, however, is present only in Java 7, not in Java 6. According to Security Explorations, Oracle has not yet fixed 25 of the 29 Java vulnerabilities the firm informed it about.
Wolfgang Gruener is a contributor to Tom's IT Pro. He is currently principal analyst at Ndicio Research, a market analysis firm that focuses on cloud computing and disruptive technologies, and maintains the conceivablytech.com blog. An 18-year veteran in IT journalism and market research, he previously published TG Daily and was managing editor of Tom's Hardware news, which he grew from a link collection in the early 2000s into one of the most comprehensive and trusted technology news sources.