So true ASB....
Hello All,

We had yet another look into Oracle's Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues (numbered 54 and 55), which when combined together can be successfully used to gain a complete Java security sandbox bypass in the environment of Java SE 7 Update 15 (1.7.0_15-b03).

Following our Disclosure Policy [1], we provided Oracle with a brief technical description of the issues found along with a working Proof of Concept code that illustrates their impact.

Both new issues are specific to Java SE 7 only. They allow abuse of the Reflection API in a particularly interesting way.

Without going into further details, everything indicates that the ball is in Oracle's court. Again.

Thank you.

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Security Explorations - Disclosure Policy
    http://www.security-explorations.com/en/disclosure-policy.html

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]

From: Andrew S. Baker [mailto:[email protected]]
Sent: Tuesday, February 26, 2013 8:46 AM
To: NT System Admin Issues
Subject: Re: Java 7-15 failures.

Have no fear: at the rate that Java exploits and vulnerabilities are being found in Java, they'll be providing more updates shortly.

Maybe they'll fix that problem, or maybe more people will get the impetus to work around them.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market...

On Mon, Feb 25, 2013 at 9:31 PM, Jon Harris <[email protected]> wrote:

I am having similar issues. I just wish I did not need this crapware for work.

Jon

> From: [email protected]
> To: [email protected]
> Subject: RE: Java 7-15 failures.
> Date: Mon, 25 Feb 2013 17:23:12 +0000
>
> I am seeing the IE activation issue on multiple machines myself when I get
> the exe to work.
>
> -----Original Message-----
> From: Sam Cayze [mailto:[email protected]]
> Sent: Monday, February 25, 2013 12:20 PM
> To: NT System Admin Issues
> Subject: RE: Java 7-15 failures.
>
> No issues with the actual installer... But I'm having a heck of a time having
> the IE plugin actually work after an upgrade. It's getting tiresome trying
> to fix this after each update. IE says the add-on is enabled and all that
> jazz. But no Java will actually load in IE. Haven't pinpointed the actual
> fix yet, but it usually requires a mix of rebooting, disabling, re-enabling
> plugins, and re-installing java.
>
> -----Original Message-----
> From: Kennedy, Jim [mailto:[email protected]]
> Sent: Friday, February 22, 2013 3:14 PM
> To: NT System Admin Issues
> Subject: RE: Java 7-15 failures.
>
> Not sure how to say this...but glad to hear that. So it isn't just me, there
> are others. So there is hope Java will release a fixed patch.
>
> -----Original Message-----
> From: Joseph L. Casale [mailto:[email protected]]
> Sent: Friday, February 22, 2013 3:55 PM
> To: NT System Admin Issues
> Subject: RE: Java 7-15 failures.
>
> Ditto here, sigh...
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
