Another week, another security hole. At least update 11 adds confirmation dialog for non-signed code, which makes new holes harder to exploit. Perhaps Oracle should change their update policy from 4 months to 4 days instead. ;)
http://arstechnica.com/security/2013/01/critical-java-vulnerabilies-confirmed-in-latest-version/ /Casper On Monday, January 14, 2013 4:09:41 AM UTC+1, jddarcy wrote: > > Notification directly from Oracle on this matter: > > https://blogs.oracle.com/security/entry/security_alert_for_cve_2013 > > -Joe > > On Sun, Jan 13, 2013 at 7:02 PM, Ricky Clarkson > <[email protected] <javascript:>> wrote: > > > http://blogs.computerworld.com/cybercrime-and-hacking/21627/oracle-patches-java-7-security-flaw-update-11 > > > > > > > On Sun, Jan 13, 2013 at 10:44 PM, Phil Swenson > > <[email protected]<javascript:>> > > > wrote: > >> > >> What is it going to take to get oracle to just kill java in the > browser? > >> It's an unneeded/obsolete embarrassment. > >> > >> > >> On Jan 11, 2013, at 7:36 AM, Casper Bang <[email protected]<javascript:>> > wrote: > >> > >> Naturally. It's the first time, over the last couple of JRE bugs, that > my > >> bank officially on their front page, is now issuing a warning against > >> running Java 7 (which is a bit of a problem, as using Java is pretty > much > >> mandatory with our contry's SSO solution). > >> > >> On Thursday, January 10, 2013 5:55:22 PM UTC+1, Cédric Beust ♔ wrote: > >>> > >>> On Thu, Jan 10, 2013 at 7:31 AM, Casper Bang <[email protected]> > wrote: > >>>> > >>>> In any event, the exploit has now made it into the known exploit kits > >>>> Blackhole and NuclearPack, so a new wave of JVM security exploits now > seems > >>>> eminent: > >>> > >>> > >>> Hopefully you mean 'imminent' :-) > >>> > >>> -- > >>> Cédric > >>> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Java Posse" group. > >> To view this discussion on the web visit > >> https://groups.google.com/d/msg/javaposse/-/6fFk5pAxFd0J. > >> To post to this group, send email to > >> [email protected]<javascript:>. > > >> To unsubscribe from this group, send email to > >> [email protected] <javascript:>. > >> For more options, visit this group at > >> http://groups.google.com/group/javaposse?hl=en. > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Java Posse" group. > >> To post to this group, send email to > >> [email protected]<javascript:>. > > >> To unsubscribe from this group, send email to > >> [email protected] <javascript:>. > >> For more options, visit this group at > >> http://groups.google.com/group/javaposse?hl=en. > > > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Java Posse" group. > > To post to this group, send email to [email protected]<javascript:>. > > > To unsubscribe from this group, send email to > > [email protected] <javascript:>. > > For more options, visit this group at > > http://groups.google.com/group/javaposse?hl=en. > -- You received this message because you are subscribed to the Google Groups "Java Posse" group. To view this discussion on the web visit https://groups.google.com/d/msg/javaposse/-/XtN6KCMh-z4J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
