Critical Java vulnerability made possible by earlier incomplete patch

Posted by BernardSwiss on Jan 12, 2013 5:05 PM EDT
Ars Technica; By Dan Goodin
Mail this story
Print this story

The critical Java vulnerability that is currently under attack was made possible by an incomplete patch Oracle developers issued last year to fix an earlier security bug, a researcher said.

According to Gowdiak, the latest vulnerability is a holdover from a bug (referred to here as Issue 32) that Security Explorations researchers reported to Oracle in late August. Oracle released a patch for the issue in October but it was incomplete, he said in an e-mail to Ars that was later published to the Bugtraq mailing list.

Full Story

» Read more about: Story Type: News Story, Security; Groups: Oracle

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.