Monday, January 28, 2013

New vulnerability in Java

New vulnerability in Java calls into question the effectiveness of protection against exploits.

Researchers discovered vulnerabilities to bypass security settings Java, designed to protect against hidden exploits.

Researchers from security company Security Explorations managed to find vulnerabilities in the security Java, which are designed to provide protection against hidden exploits. The flaw allows potential attackers to bypass security restrictions and perform 'drive-by' attack in the victim's browser.

Note that the user needs the ability to specify the security settings introduced by developers in December last year in Java 7 Update 10. They allow you to set limits on the run Java applications in web-browser. In this case the most "robust" safety of the four possible to block all applications that do not have a legitimate signature.

At the same time, the head of Security Explorations Adam Gowdiak, none of the proposed restrictions can resist intruders.

"What we found ... to successfully unsigned Java code on the target system, Windows, no matter what settings restrictions set in Java Control Panel", - the message says in Gowdiak from SecLists.

The expert also noted that the precise confirmation of the breach is only available for Java 7 Update Version 11 for Windows 7. Currently, the relevant information about the vulnerability and PoC-code for it had already been sent to developers Oracle.

No comments:

Post a Comment