More Java Woes - and so soon...

New Java Exploit Fetches $5,000 Per Buyer

Good one. I feel sorry for the Java programmers LOL! :slight_smile:

Cybercrooks have begun distributing an item of malware that poses as a Java security update.

Read more: VXers exploit users' confusion over Java to punt fake update • The Register

Latest Java Update Broken; Two New Sandbox Bypass Flaws Found

Critical Java vulnerabilies confirmed in latest version

:‘( :’( :‘( :’( :cry:

i agree to the comments that most of the exploits and such are applets or webstarts and or jnlp even though im just a novice but i guess good thing i havent read the applets webstarts and jnlp sections of java turtorials :wink:

though thinking about it isnt applet the same as java application inside a web sandboxed

but java application would mean you downloaded the jar files and running it on disk or installed in the jre ext folder that may or may not have internet/network access


i just thought i also ask about java jre app i dont know what is the default java security configuration for java application on disk(java.exe) versus java applet on java plugin (javaw.exe) because from what i understand but i might be wrong that java applets run inside a sandbox and java application arent but since java application is run on disk i assume it is scanned and well monitored by your security app , and just to clear up i am assuming the restriction is what priviledge the jre has i think rather than the os system priviledge

and to say applet and j2ee (jsp, ejb, etc) are different the applet runs in your system and the j2ee runs on the server ( except rmi if i understand it right)

Here we go again!

News for Java’s new “very high” security mode can’t …

Edit: changed url from Google to Ars Technica. Eric

i dont know if this fix the new vulnerability for the very high but still just to update people