Java Vulnerability Discovered

Google researcher Tavis Ormandy has uncovered a Java vulnerability that could allow an attacker to run unauthorized programs on a victim's PC.
"They can do this because Java allows developers to tell the Java virtual machine to install alternate Java libraries," writes PCWorld's Robert McMillan. "By creating a malicious library and then telling the JVM to install it, an attacker could run his malicious program."
"The problem is with the Java Web Start framework, which allows developers an easy way to create Java applications," writes CNET News' Elinor Mills. "Disabling the Java plug-in will not protect against an attack, according to Ormandy."
"A patch is not yet available, but Ormandy suggests several workarounds," notes InformationWeek's Thomas Claburn. "He also says that Sun has been informed of the flaw but does not consider it serious enough to issue a patch outside of its quarterly cycle."
More here from The Register … and more here from V3.co.uk.