Old Vulnerability Found In New "Patched" Version of Java


There is nothing like finding a new bug in a patch that is meant to fix another one, yet that appears to be what has happened to Oracle. After Oracle released a rushed security patch for a rather serious vulnerability in Java, the same company that found the first flaw, Security Explorations, has found another one. The first flaw affected any web browser that had the Java plug-in running and extended across multiple operating systems as well. It was the sort of flaw that everyone remembers when the security of someone’s products is brought up. Having a single major vulnerability in your software (and with malware that uses it in the wild) is bad enough, but to find another one in your most recent version is just bad news.

The “new” vulnerability isn’t even new. According to Security Explorations, the new problem is related to one that was sent to Oracle back in April of this year. The difference is that so far there are no examples of this flaw in the wild. Many in the industry are very frustrated with Oracle right now. They did the right thing by pushing out a patch out of cycle, but by not including fixes for all of the issues that are outstanding in their Java software, they are still leaving users exposed.

After Oracle bought Java, many felt that the powerful, widely used software would be neglected by Oracle (some even felt the acquisition was more for legal positioning than anything else). For the most part they have been accurate. We have watched as Oracle has let Java slip in terms of security and performance. It has to be said that Java was never the most secure plug-in out there, but with some work it could have been brought up to par and even improved on. For now you might still want to be careful with the Java plug-in enabled in your web browser, and site owners might want to look into other options for some of the background functionality that makes sites fast. It is possible that with Java falling behind, Flash moving to Air, and Microsoft ditching Silverlight, we might all end up running HTML 5 much sooner than we thought. Of course, the big problem there is that HTML 5 still has a listing of over 50 major security flaws, so it almost looks like there is no best option for web browsing these days.