Vulnerability allows Java Control Panel settings to be bypassed

Yet another security vulnerability has been discovered in Java, which means that recent changes to thwart drive-by attacks against web browsers can be circumvented. The somber warning was issued by Adam Gowdiak, CEO of Security Explorations, in a Sunday mailing list post. In it, Gowdiak says his company has successfully created a proof-of-concept exploit that works on Java 7 Update 11.

The problem Gowdiak discovered appears to sidestep recent tweaks made by Oracle (NASDAQ: ORCL) to bolster the security of Java, including setting Java's security level to the highest by default. The changes were made to prevent a computer from being compromised on the sly by a "silent exploit." Unfortunately, the newly discovered flaw allows exactly that to happen.

Gowdiak outlined the problem in a Computerworld article. "It could be used to successfully launch unsigned Java code on a target system regardless of the security level set by the user in Java Control Panel. [The] 'High' or 'Very High' security [setting] does not matter here, the code will still run," he said.

For now, Gowdiak recommends that users rely on browsers with "click-to-play" functionality. This is a feature that requires users to click on a plug-in to explicitly authorize it to load. According to Gowdiak, this may be useful to guard against "known and not-yet-addressed Java plug-in vulnerabilities." The bug has been reported to Oracle.

For more:
- check out this article at Computerworld
