$5,000 will buy you access to another, new critical Java vulnerability (Updated)
An exploit for yet another critical Java software vulnerability began circulating online amid reports that the patch Oracle issued two days ago is incomplete.
"Based on our analysis, we have confirmed that the fix for CVE-2013-0422 is incomplete," Trend Vulnerability Research Manager Pawan Kinger wrote in a blog post. Kinger went on to explain that the vulnerability stemmed from flaws in two parts of the Java code base: one involving the findClass method and the other involving the invokeWithArguments() method. While Sunday's patch fixed the latter issue, the findClass method can still be used to get references to restricted classes, leaving a hole that attackers can exploit.