Another Java vulnerability revealed

As if things weren’t bad enough for Java on the web, security researcher Adam Gowdiak of Security Explorations yesterday announced yet another critical security flaw.

The new flaw apparently affects all versions of Java, including the most recent updates of Java 5, 6 and 7.

How does this affect users? Nothing has really changed: users are strongly urged to disable Java in their web browsers, since web sites are the most likely vector for attacks based on Java vulnerabilities. If that isn’t possible or practical for you, then your best course of action is to be extremely cautious when deciding whether to click any kind of link, in email or anywhere else. Simply visiting a web site can be enough to infect your computer.

Oracle has not responded to this latest report, and they have yet to respond to the previous Java vulnerability reports.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

2 thoughts on “Another Java vulnerability revealed”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.