Posted on 07/13/2007 10:15:13 AM PDT by ShadowAce
Google's security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices.
"This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking.
"It's a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia.
Australia's Computer Emergency Response Team analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk.
"Delivery of exploits in this manner is attractive to attackers because even though the browser may be fully patched, some people neglect to also patch programs invoked by browsers to render specific types of content," said Lowe.
According to Gatford, the bugs threaten pretty much every modern device. "Java runs on everything: (mobile) phones, PDAs and PCs. This is the problem when you have a vulnerability in something so modular--it affects so many different devices."
"Also, this exploit is browser-independent, as long as it invokes a vulnerable Java Runtime Environment," Gatford added.
Pure Hacking's Gatford said the problem is compounded by the fact that organizations are unlikely to take on the daunting process of patching all of their Java Runtime vulnerabilities.
"It would be an extremely difficult and laborious process for an organization trying to patch Java Runtime across the enterprise," he said.
BUMP!
Now EVERYBODY KNOWS!........
The bad guys already know. Now we know enough to protect ourselves.
You know where all of this is gonna lead to, don’t you?.......Some lib dem will eventually call for a Department of Software and Internet Security to be created............
Department of Software and Internet Security = Big SIS...
Way to go, Ragnar!................
So, what do we do? Disable Java in Firefox? Or await a new version of Java?
When the Java patch gets released, it will probably only successfully install on around 30% of the computers you will try to install it on. lol
I’ve found Java to be extremely buggy, on Windows boxes anyway.
It’s not a whole lot better under Linux. I find it rather slow.
It's Java, it isn't referred to as 'Write once crash everywhere.' without reason.
Apple’s ahead of the curve on this one. The iPhone doesn’t support Java.
As a developer, I can tell you that this is rare... Not to mention, you have to be navigating to a website or purposefully running a program that would intentionally exploit this security hole. That puts the threat level back down with almost any other threat you see... *yawn* I'll go back to my dangerous and scary Java programming.