Oracle’s emergency Java patch opens the door to more vulnerabilities

After an exploit in the latest Java 7 framework was discovered, Oracle (ORCL) responded with an emergency patch to fix the problem. The company’s quickness, however, may have opened the door to more vulnerabilities in the Java software. While the patch fixed the original exploit, it introduced a new vulnerability that allows an attacker to bypass the Java Virtual Machine sandbox. Researchers at Security Explorations discovered the exploit and have sent a proof of concept to Oracle, and they are currently waiting to hear back. The research firm has not released the code to the public, although it plans to write a technical paper on the issue once it has been patched. The latest exploit follows a string of vulnerabilities found in Java over the past year.

[Via ZDNet]
