Linked by David Adams on Tue 12th Jul 2011 19:08 UTC, submitted by HAL2001
ACROS Security has discovered a vulnerability in Sun Java, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the application loading an executable file in an insecure manner when an out-of-memory condition occurs.
RE: java singled out
by ssokolow on Tue 12th Jul 2011 20:17 UTC in reply to "java singled out"

*nod* From what I've heard, the most popular targets these days are JITed runtimes (Java, browser JavaScript, ActionScript, etc.) because, since they dynamically generate native code, they get minimal benefit from hardware DEP/NX-bit protections.

Makes me wonder what kind of progress we'll see in areas like static analysis and clever techniques like the "write code that generates your JIT" approach PyPy and LuaJIT use.

(I'm also kind of curious why Google hasn't tried repositioning Native Client as a framework for simplifying adding a sandbox around hand-coded JITs, given the claims they've made)

Edited 2011-07-12 20:18 UTC

Score: 2