nsane.forums
Posted February 16, 2011

Oracle today issued a security alert to warn about 21 security holes in its widely deployed Java SE and Java for Business products and warned that the flaws are dangerous enough to expose users to remote code execution attacks.

Oracle said the most severe CVSS Base Score for vulnerabilities fixed in this Java patch batch is 10.0, the highest severity rating.

Out of these 21 vulnerabilities, 13 affect Java client deployments. 12 of these 13 vulnerabilities can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, which run in the Java sandbox with limited privileges. One of these 13 vulnerabilities can be exploited by running a standalone application.

According to the advisory, 3 of the 21 vulnerabilities affect client and server deployments and can be exploited through Untrusted Java Web Start applications and Untrusted Java Applets, as well as be exploited by supplying malicious data to APIs in the specified components, such as, for example, through a web service.

Because of the severity of the vulnerabilities in this Java update, Oracle recommends that Java customers apply it “as soon as possible.”

As usual, be careful with those pre-checked bloatware add-ons.