That's not a straight forward scenario either. Some OS-X Java vulnerabilities were exploited because the release of the OS-X version of JVM lags behind.
I don't have an android phone, so I'm wondering how vulnerability patching works with Android. Because the cell phone service providers usually modify the Android a little, so does Dalvik VM patch needs to go through the providers too, or it can go directly from Google onto the device. I have a feeling that the providers hold back patches and there's a lag, which creates opportunities for attack vectors. Not even talking about upgrading to new versions of Android in case of devices: in that case I certainly know that this is seriously hold back by the cell phone service providers. (Ok, I had a dead-battery HTC for a while for play, and I needed to install Cyanogen to get Android 2.2 on it instead of the 1.6). Csaba ________________________________________ From: [email protected] [[email protected]] On Behalf Of Tilghman Lesher [[email protected]] Sent: Saturday, September 08, 2012 7:33 PM To: [email protected] Subject: Re: [nlug] Java security issue? On Sat, Sep 8, 2012 at 9:14 PM, John R. Dennison <[email protected]> wrote: > On Sat, Sep 08, 2012 at 08:39:51PM -0500, Toth, Csaba wrote: >> I'm involved with Java, and it's sad to see that some big technology >> sites advise to uninstall Java completely. > > Oracle sat on at least 2 root-able vectors for a long time. Disabling > or uninstalling in the face of their security mismanagement is prudent > considering that at least one 0-day in the wild was dropping root kits. Google's decision to build it's own virtual machine looks smarter all the time. I wonder when we can expect to see Dalvik packaged for desktop use. -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
