Java update spoofing vulnerability

Discussion in 'other security issues & news' started by MrBrian, Dec 13, 2011.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Please don't tell me this affects Java 7u2?
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The advisory lists only 1.6.x but it's not clear to me that it's been fixed in 1.7.x either.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, the thing just gets updated and now they come with this? :argh: :ouch:

    -edit-

    The vulnerability is reported in versions 1.6.0.28 and prior.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    "Solution Status: Unpatched"
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Then, it's a bit contradictory, isn't it? o_O Why would they mention only 1.6.0.28 and prior? There's no prior, then. I mean, there is, but we need to include, possibly, version 1.6.0.29. o_O But, I wonder if it has been patched in version 1.6.0.29? I'll see if I can spot anything in the change log.

    But, according to the original article (-http://blog.infobytesec.com/2011/12/pwning-java-update-process-2007-today.html):

    The article was written a week ago. By then, the latest version was 1.6.0.29 for quite some time, not 1.6.0.28.

    I'm not saying there isn't a bug; I'm just saying these folks need to make things a bit more clear. :D
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    This is the page from Oracle regarding what was patched in version 1.6.0.29. -http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

    I didn't see any mentions...
     