Another Java Security Flaw Appears After Oracle Patch

Oracle can expect calls for yet another update

Researchers have uncovered another potentially Java security flaw, which could be used by hackers to serve up malware, almost immediately after Oracle fixed a dangerous weakness.

Oracle issued an out-of-band Java securitypatch last week, after calls  to address a zero-day flaw found by Polish firm Security Explorations. However, days after the patch was issued, Security Explorations was able to find another Java security issue which gets round security protections in Java 7.

Total exploitation

“The new flaw when combined with some previous, not yet addressed issues (reported in April) makes it possible again to completely compromise Java security,” Adam Gowdiak, CEO of Security Explorations, told TechWeekEurope.

“We reported this new issue on Friday and Oracle confirmed the reception of our report and proof of concept code on the same day. The company is conducting the analysis now and should get back with the results once the investigation of the new issue completed.

“We may either see a fix released [in] another out-of-band patch or a Java CPU scheduled for October.”

Security Explorations has decided not to release information on the flaw, following the uncodified rules of responsible disclosure. Oracle had not responded to a request for comment at the time of publication.

Oacle can now expect yet more pressure from the security community to issue a fix, ahead of the scheduled Java update on 16 October.

Are you a security guru? Try our quiz!