Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Bugbatter

3 Apprentice

 • 

20.5K Posts

12115

January 18th, 2013 12:00

Latest Java Update Broken; Two New Sandbox Bypass Flaws Found

“We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11,” Java security researcher Adam Gowdiak of Security Explorations in Poland wrote a short while ago ..."

Complete article at Kaspersky Lab Security News Service:
http://threatpost.com/en_us/blogs/latest-java-update-broken-two-new-sandbox-bypass-flaws-found-011813

ky331

3 Apprentice

 • 

15.3K Posts

January 19th, 2013 14:00

PC Pitstop recommends unintalling Java now:   http://techtalk.pcpitstop.com/2013/01/16/uninstall-java-now/?rob-java 

Remark:   I have been living withOUT Java for several years now.   Over that time, I've encountered one or two websites, and one program, which needed Java.   In all cases, I either found an alternative site/program that accomplished the same thing without Java... or deemed the site/program not sufficiently important that I expose myself to the abundance of exploits [known and yet-unknown] in Java.   I have never regretted this decision.

Yes, some of you may indeed find an important site or program that will force Java on you.   I've read several reports that some bank sites use it.   I'm willing to bet it more likely than not that these sites required JavaSCRIPT and NOT Java -- see (*) below.  All I can say is that I can access all of my bank, brokerage, and credit card sites withOUT using Java.

The bottom line is that you'll never know unless you try for yourself.   The simplest way is to disable Java (as explained in the article) and start surfing.   If you find you can do all of your routine work, then you probably don't need Java after all :emotion-1: .   If that's what you conclude, then it's even better to completely uninstall it.   And in the future, if you ever encounter a site [or program] that requires it, you can always reinstall Java then... IF you feel the necessity of that site overrides the security/exploit concerns.

(*) Finally, let me stress that Java is completely separate from the sound-alike JavaSCRIPT.   Yes, you DO need JavaSCRIPT for many websites you visits.   So by all means keep JavaSCRIPT enabled in your browsers.   But go ahead and see if you can live without Java.

ky331

3 Apprentice

 • 

15.3K Posts

January 28th, 2013 12:00

Lastest news:  New Java exploit "successfully overrides the protections on a fully patched Windows 7 machine that's configured to run Java 7 Update 11 with the "very high" security setting".

http://arstechnica.com/security/2013/01/javas-new-very-high-security-mode-cant-protect-you-from-malware/

View More

View All

No Events found!

Top