Linked by David Adams on Tue 12th Jul 2011 19:08 UTC, submitted by HAL2001
Privacy, Security, Encryption
ACROS Security has discovered a vulnerability in Sun Java, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading an executable file in an insecure manner when an out of memory condition occurs.
Thread beginning with comment 480516
java singled out
by fran on Tue 12th Jul 2011 20:08 UTC

I see security vulnerabilities among all platforms, browsers etc. springing up constantly.

Unfortunately Java vulnerabilities get much more bad press than the others. Think it's a bit unfair.

Reply Score: 5

RE: java singled out
by ssokolow on Tue 12th Jul 2011 20:17 in reply to "java singled out"

*nod* From what I've heard, the most popular targets these days are JITed runtimes (Java, Browser JavaScript, ActionScript, etc.) because, since they dynamically generate native code, they get minimal benefit from Hardware DEP/NX-bit protections.

Makes me wonder what kind of progress we'll see in areas like static analysis and clever techniques like the "write code that generates your JIT" approach PyPy and LuaJIT use.

(I'm also kind of curious why Google hasn't tried repositioning Native Client as a framework for simplifying adding a sandbox around hand-coded JITs, given the claims they've made)

Edited 2011-07-12 20:18 UTC

Reply Parent Score: 2

RE[2]: java singled out
by ebasconp on Tue 12th Jul 2011 22:47 in reply to "RE: java singled out"

As far as I know, .NET is also a JITted environment.

Reply Parent Score: 2