
Latest Java 5, 6 and 7 Exploit Could Affect One Billion Users

Oracle’s Java has been found vulnerable yet again by Polish researcher Adam Gowdiak, and this time the flaw is exploitable across all of Java SE 5, 6 and 7.

The flaw, described as “a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7,” is said to be even worse than previous exploits because more than one billion users could be affected, Gowdiak wrote on the Bugtraq full disclosure mailing list.

“We’ve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software,” says the full disclosure email. “The impact of this issue is critical – we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7.”

The new exploit, which enables an attacker to gain full control over a computer, will be fully disclosed at Oracle’s imminent JavaOne conference this September 30th. With Java 7 still vulnerable following the previous, exploitable patch, this new security breach affects not only Chrome, Firefox, Safari and Internet Explorer users who run the Java plugin, but iOS users as well.

“We hope that news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison’s morning Java,” said Gowdiak.

Disabling the Java plugin in browsers is the best course of action for users who want to avoid the vulnerability, experts warn.

About the author


Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

