Researchers have uncovered another potentially Java security flaw, which could be used by hackers to serve up malware, almost immediately after Oracle fixed a dangerous weakness.
Oracle issued an out-of-band Java securitypatch last week, after calls to address a zero-day flaw found by Polish firm Security Explorations. However, days after the patch was issued, Security Explorations was able to find another Java security issue which gets round security protections in Java 7.
“The new flaw when combined with some previous, not yet addressed issues (reported in April) makes it possible again to completely compromise Java security,” Adam Gowdiak, CEO of Security Explorations, told TechWeekEurope.
“We reported this new issue on Friday and Oracle confirmed the reception of our report and proof of concept code on the same day. The company is conducting the analysis now and should get back with the results once the investigation of the new issue completed.
“We may either see a fix released [in] another out-of-band patch or a Java CPU scheduled for October.”
Security Explorations has decided not to release information on the flaw, following the uncodified rules of responsible disclosure. Oracle had not responded to a request for comment at the time of publication.
Oacle can now expect yet more pressure from the security community to issue a fix, ahead of the scheduled Java update on 16 October.
Are you a security guru? Try our quiz!
Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…
Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…
Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…