…and your cybersecurity Christmas decorations lit up with the latest funkily-named bug: Log4Shell.

Apparently, early reports of the bug referred to it as “LogJam”, because it allows you to JAM dodgy download requests into entries in LOG files.

But LogJam was already taken (in that one, LOG referred to discrete logarithms, as performed in cryptographic calculations, not to logfiles).

If so, no surprise that Issue 61 was overlooked.

Just when you thought it was safe to relax for the weekend…

“It looks Oracle was primarily focused on hunting down potentially dangerous Reflection API calls in the ‘allowed’ classes space. It's been a year since then and to our true surprise, we were still able to discover one of the simplest and most powerful instances of Java Reflection API based vulnerabilities,” Gowdiak noted. “In Apr 2012, we reported our first vulnerability report to Oracle corporation signaling multiple security problems in Java SE 7 and the Reflection API in particular.

Gowdiak says the company hasn’t confirmed the issue, but he believes it shouldn’t take more than a day, considering that reproducing the flaw consists of simply running Java code in a web browser.

It’s also worth noting that this is a completely new security hole that doesn’t rely on any previously unpatched flaws.

A vulnerability report and a proof of concept have been sent to Oracle.

Successful exploitation in a web browser scenario requires proper user interaction (a user needs to accept the risk of executing a potentially malicious Java application when a security warning window is displayed),” the expert told Softpedia.

“ can be used to achieve a complete Java security sandbox bypass on a target system.
Polish firm Security Explorations has discovered a Reflection API issue – dubbed “Issue 61” – that plagues all variants of Java 7, including Update 21.

According to Adam Gowdiak, the CEO and founder of the company, the newly found bug impacts not only the JRE plugin, but the recently announced Server JRE as well.

Less than a week has passed since Oracle released its April 2013 Critical Patch Update for Java and researchers have already identified a vulnerability affecting the latest version of the software.