On Thursday, August 30, 2012 2:26:11 PM UTC+2, JessHolle wrote: > > Hmm.... > > I guess I'm slow here. I only heard about the latest vulnerability on > 8/26 or so. I can't see anything indicating it was widely know prior to > that. > > I'm missing where the 4 months comes from on the latest issue. > > Some vulnerabilities may have gone 4 months -- but some vulnerabilities > are rather minor too. >
There's a high-level report about it at arstechnica: http://arstechnica.com/security/2012/08/critical-java-bugs-reported-4-months-ago/ If it already made it into malware kits, works on all platforms, and considering there are 100M installations vulnerable - then it's very serious issue for Oracle and Java's rep. -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/pJEOBz0seS8J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
