Researcher Finds New Bug In Java


Enterprise & IT | Jan 28, 2013

Despite the recent commitment by the head of Java security that his team would fix bugs in the Java software, a researcher claims that a bug can still allow browser attacks. Java 7 Update 10 and the latest Update 11 let users decide which Java applets are allowed to run within their browsers. According to Oracle, users can control the level of security applied when running unsigned Java apps in a web browser. Apart from completely disabling Java content in the browser, users can choose among four security levels for unsigned Java applications:

- "Low" - Most unsigned Java apps in the browser will run without prompting
- "Medium" - Unsigned Java apps in the browser will run without prompting only if the Java version is considered secure.
- "High" - User will be prompted before any unsigned Java app runs in the browser.
- "Very High" - Unsigned (sandboxed) apps will not run.

But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker. He claims that, in practice, unsigned (and malicious) Java code can be executed without the prompt that corresponds to the security settings configured in the Java Control Panel.

Gowdiak said that proof-of-concept code illustrating Issue 53 had been executed under the latest Java SE 7 Update 11 (JRE version 1.7.0_11-b21) on Windows 7 with the Java Control Panel security setting at "Very High".

Gowdiak suggests that people turn to a browser with "click-to-play", a feature that forces users to explicitly authorize a plug-in's execution. Chrome and Firefox support this feature.
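For administrators who want to see where browser Java is still switched on, the following is an added example (not from the article, Oracle or Security Explorations) that audits the contents of a `deployment.properties` file. It assumes the `deployment.security.level` and `deployment.webjava.enabled` keys from Oracle's deployment configuration format, which the article does not name, and the sample files are constructed.

```python
import re

# Slider positions of the Java Control Panel as stored in deployment.properties
# (key and value names are assumptions from Oracle's format, not from the article).
LEVELS = ("LOW", "MEDIUM", "HIGH", "VERY_HIGH")

def parse_properties(text):
    """Parse the key=value / key:value subset of the .properties format."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):  # blank or comment line
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Report whether browser Java is enabled and which level is configured."""
    props = parse_properties(text)
    level = props.get("deployment.security.level", "").upper() or None
    # Java content in the browser stays enabled unless explicitly set to false.
    web = props.get("deployment.webjava.enabled", "true").lower() != "false"
    if not web:
        verdict = "ok: Java content is disabled in the browser"
    elif level is not None and level not in LEVELS:
        verdict = f"review: unrecognised security level {level!r}"
    else:
        shown = level or "unset (version default)"
        verdict = (f"review: browser Java enabled; level {shown} is not a "
                   "sufficient control on its own, disable it or use click-to-play")
    return {"level": level, "web_java_enabled": web, "verdict": verdict}

# Constructed sample files, not taken from any real host.
SAMPLES = {
    "very_high_only": "# constructed\ndeployment.security.level=VERY_HIGH\n",
    "web_disabled": "deployment.webjava.enabled=false\n"
                    "deployment.security.level=MEDIUM\n",
    "empty": "",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```

The "Very High" sample is reported for review because, per Gowdiak's claim above, the level setting alone did not stop unsigned code; only the file with browser Java disabled is reported as ok.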

Tags: Java