Linked by David Adams on Tue 12th Jul 2011 19:08 UTC, submitted by HAL2001
Privacy, Security, Encryption ACROS Security has discovered a vulnerability in Sun Java, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading an executable file in an insecure manner when an out of memory condition occurs.
Thread beginning with comment 480502
To read all comments associated with this story, please click here.
Nice
by WorknMan on Tue 12th Jul 2011 19:37 UTC
WorknMan
Member since:
2005-11-13

Just one more reason why I won't be installing Java on my machine anytime soon.

Reply Score: 0

RE: Nice
by zztaz on Tue 12th Jul 2011 19:51 in reply to "Nice"
zztaz Member since:
2006-09-16

That's a pretty lame reason.

Yes, a flaw in the JVM is scary, just as flaws in kernels or popular libraries are.

The trade-off is that applications written in Java are less likely to have dangerous flaws than applications which execute directly, such as those written in C++.

As kernel and VM developers are much more likely to be aware of security than typical application programmers, I'll take that trade.

Reply Parent Score: 4

RE: Nice
by JAlexoid on Tue 12th Jul 2011 20:27 in reply to "Nice"
JAlexoid Member since:
2009-05-19

Then you're not on Windows, I guess? Considering you're such a security nut. Or you're just a person with a personal grudge against Java.

Reply Parent Score: 5

RE[2]: Nice
by WorknMan on Tue 12th Jul 2011 21:44 in reply to "RE: Nice"
WorknMan Member since:
2005-11-13

Then you're not on Windows, I guess? Considering you're such a security nut. Or you're just a person with a personal grudge against Java.


Well, Windows itself is not inherently insecure, unless you run insecure programs, like Java. For this reason, I don't run Java at all, and only Flash when absolutely necessary, with Flashblock turned on at all times, except for a handful of sites that I have whitelisted.

(Of course, Java itself isn't actually a program if you want to get technical about it, which makes it even worse.)

Edited 2011-07-12 21:45 UTC

Reply Parent Score: 0

RE: Nice
by AndrewZ on Tue 12th Jul 2011 20:46 in reply to "Nice"
AndrewZ Member since:
2005-11-15

The last Java update had patches for 29 vulnerabilities, 15 of which are highly severe. Java is very insecure, and is a big gateway for PC penetration.

http://blogs.pcmag.com/securitywatch/2010/10/oracle_updates_java_to...

Edited 2011-07-12 20:49 UTC

Reply Parent Score: 1

RE[2]: Nice
by ebasconp on Tue 12th Jul 2011 22:46 in reply to "RE: Nice"
ebasconp Member since:
2006-05-09

Come on! Every large application releases a lot of security patches every time and that does not make them inherently insecure.

Reply Parent Score: 3

RE: Nice
by sagum on Tue 12th Jul 2011 23:28 in reply to "Nice"
sagum Member since:
2006-01-23

Just one more reason why I won't be installing Java on my machine anytime soon.

But how, sir, are you going to play minecraft :o ;)

Reply Parent Score: 1

RE: Nice
by dvhh on Wed 13th Jul 2011 02:39 in reply to "Nice"
dvhh Member since:
2006-03-20

And install Mono ?

Reply Parent Score: 2