Another Java Security Flaw Appears After Oracle Patch

Researchers have uncovered another potentially Java security flaw, which could be used by hackers to serve up malware, almost immediately after Oracle fixed a dangerous weakness.

Oracle issued an out-of-band Java securitypatch last week, after calls  to address a zero-day flaw found by Polish firm Security Explorations. However, days after the patch was issued, Security Explorations was able to find another Java security issue which gets round security protections in Java 7.

Total exploitation

“The new flaw when combined with some previous, not yet addressed issues (reported in April) makes it possible again to completely compromise Java security,” Adam Gowdiak, CEO of Security Explorations, told TechWeekEurope.

“We reported this new issue on Friday and Oracle confirmed the reception of our report and proof of concept code on the same day. The company is conducting the analysis now and should get back with the results once the investigation of the new issue completed.

“We may either see a fix released [in] another out-of-band patch or a Java CPU scheduled for October.”

Security Explorations has decided not to release information on the flaw, following the uncodified rules of responsible disclosure. Oracle had not responded to a request for comment at the time of publication.

Oacle can now expect yet more pressure from the security community to issue a fix, ahead of the scheduled Java update on 16 October.

Are you a security guru? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

12 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

13 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

13 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

14 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

14 hours ago