Java update spoofing vulnerability

Discussion in 'other security issues & news' started by MrBrian, Dec 13, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Please don't tell me this affects Java 7u2?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The advisory lists only 1.6.x but it's not clear to me that it's been fixed in 1.7.x either.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, the thing just gets updated and now they come with this? :argh: :ouch:

    -edit-

    The vulnerability is reported in versions 1.6.0.28 and prior.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    "Solution Status: Unpatched"
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Then, it's a bit contradictory, isn't it? o_O Why would they mention only 1.6.0.28 and prior? There's no prior, then. I mean, there is, but we need to include, possibly, version 1.6.0.29. o_O But, I wonder if it has been patched in version 1.6.0.29? I'll see if I can spot anything in the change log.

    But, according to the original article (-http://blog.infobytesec.com/2011/12/pwning-java-update-process-2007-today.html):

    The article was written a week ago. By then, the latest version was 1.6.0.29 for quite some time, not 1.6.0.28.

    I'm not saying there isn't a bug; I'm just saying these folks need to make things a bit more clear. :D
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    This is the page from Oracle regarding what was patched in version 1.6.0.29. -http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

    I didn't see any mentions...
     