Free Republic
News/Activism

To: proxy_user

mmm...

Geeks who actually understand it tend to have their own sources, but there’s a fair amount of details like

http://blogs.cisco.com/security/new-java-vulnerability-being-exploited-in-the-wild/

...This Java vulnerability is due to improper security protections on built-in classes in the Java Runtime Environment.

An unsigned Java applet can use the setSecurityManager() function to bypass security checks and access an elevated security context.

There are a few allegations that the exploit for this new Java vulnerability (CVE-2013-0422) is very similar to the Java vulnerability reported late last year (CVE-2012-5088); however, it seems they are fairly different.

This article describes some of the technical details of the exploit...


24 posted on 01/13/2013 7:28:58 AM PST by jjotto ("Ya could look it up!")


To: jjotto

The article I posted explains the relation between the two vulnerabilities. They added the AccessControlContext field to stop the first problem. When they released Java 1.7, it turned out that some of the new methods could be used to change the value of this field.


26 posted on 01/13/2013 7:44:16 AM PST by proxy_user



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson