Besides Oracle JVM other JVM are affected too. Obviously OpenJDK, IcedTea (OK, this one is not a big surprise either, because it is based on OpenJDK).
Java is really multi-platform: once a JVM is affected by these exploits, all platforms are affected. Sometime exploits can rely on JVM optimization (like the JVM optimize out a type check, so the maliciously crafted bogus deserialized object data won't be checked when it is serialized in). These types more likely not work on other JVMs. I haven't heard about Dalvik yet. Csaba ________________________________________ From: [email protected] [[email protected]] On Behalf Of John F. Eldredge [[email protected]] Sent: Sunday, September 09, 2012 3:09 PM To: [email protected] Subject: Re: [nlug] Java security issue? Tilghman Lesher <[email protected]> wrote: > On Sat, Sep 8, 2012 at 9:14 PM, John R. Dennison <[email protected]> > wrote: > > On Sat, Sep 08, 2012 at 08:39:51PM -0500, Toth, Csaba wrote: > >> I'm involved with Java, and it's sad to see that some big > technology > >> sites advise to uninstall Java completely. > > > > Oracle sat on at least 2 root-able vectors for a long time. > Disabling > > or uninstalling in the face of their security mismanagement is > prudent > > considering that at least one 0-day in the wild was dropping root > kits. > > Google's decision to build it's own virtual machine looks smarter all > the time. I wonder when we can expect to see Dalvik packaged for > desktop use. Do any of these exploits affect Android, since it is Java-based, or are they only on the standard Java VM? -- John F. Eldredge -- [email protected] "Reserve your right to think, for even to think wrongly is better than not to think at all." -- Hypatia of Alexandria -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en
