Researchers have uncovered another potentially Java security flaw, which could be used by hackers to serve up malware, almost immediately after Oracle fixed a dangerous weakness.
Oracle issued an out-of-band Java securitypatch last week, after calls to address a zero-day flaw found by Polish firm Security Explorations. However, days after the patch was issued, Security Explorations was able to find another Java security issue which gets round security protections in Java 7.
“The new flaw when combined with some previous, not yet addressed issues (reported in April) makes it possible again to completely compromise Java security,” Adam Gowdiak, CEO of Security Explorations, told TechWeekEurope.
“We reported this new issue on Friday and Oracle confirmed the reception of our report and proof of concept code on the same day. The company is conducting the analysis now and should get back with the results once the investigation of the new issue completed.
“We may either see a fix released [in] another out-of-band patch or a Java CPU scheduled for October.”
Security Explorations has decided not to release information on the flaw, following the uncodified rules of responsible disclosure. Oracle had not responded to a request for comment at the time of publication.
Oacle can now expect yet more pressure from the security community to issue a fix, ahead of the scheduled Java update on 16 October.
Are you a security guru? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…