[Info-vax] Java JVM Security Bypasses (Re: [OT] Wirth style languages, was: Re: Obscure Ada compiler vendors?)
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Apr 5 11:22:42 EDT 2013
On 2013-04-05 14:40:15 +0000, Paul Sture said:

> The Java vulnerabilities of late have been to do with the Java browser
> plugin rather than its server side.

The vulnerabilities have existed in the JVM, and all have involved JVM
sandbox bypasses.

(Not escaping the sandbox being not particularly useful to attackers,
after all.)

The Java Web Start plugin allows attackers remote access into the JVM,
though another scripting path was also recently closed.

> Has anyone else here been monitoring Java server vulnerabilities?

The JVM vulnerabilities have been somewhat hard to miss on the security
lists, and locally with the Apple XProtect black-listing.

Brian Krebs has provided good reading on this and related topic areas:
<http://krebsonsecurity.com>

--
Pure Personal Opinion | HoffmanLabs LLC