I was reading tech articles about the zero-day security vulnerabilities in Java 7 Update 10 on 11 January, and on 13 January I learned that Oracle had released a patch, Update 11, for the same vulnerabilities. But all the news articles contained only superficial information.
Can anyone explain what the vulnerabilities were and what the fix was?
AFAIK, there was a bug in Java 7's MethodHandle native code where an applet running under the "Medium" security level could unset the SecurityManager even if one was already set. This effectively gave it the access of a local program: it would have the same access as the process.
This didn't happen if your security level was "High", which is recommended and the default.
i.e. you had to lower your security level first, but the bug lowered it further than it should have. 😉
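To make the answer above concrete, here is an added example (not part of the original thread, and not the Update 10 bug itself) that shows what a SecurityManager normally stops sandboxed code from doing, including the check that refuses to let the sandbox be removed. It assumes the JDK's default SecurityManager and default policy, under which code on the class path gets neither FilePermission nor RuntimePermission("setSecurityManager"); the probe path and the class name are arbitrary choices for the demo. On JDK 12 to 23 run it with `-Djava.security.manager=allow`, since newer JDKs refuse `System.setSecurityManager` otherwise, and on JDK 24 and later the SecurityManager cannot be enabled at all.

```java
import java.io.File;

/**
 * Added illustration of the mechanism discussed above: what a SecurityManager
 * normally stops sandboxed code from doing, including replacing the manager itself.
 * This is NOT the Update 10 bug; it only shows the check that the bug bypassed.
 */
public class SecurityManagerDemo {

    // Arbitrary path for the demo; only the permission check matters, not the file.
    static final String PROBE_PATH = "/etc/passwd";

    /** Run an action and report whether the SecurityManager allowed it. */
    static String attempt(String label, Runnable action) {
        try {
            action.run();
            return label + ": allowed";
        } catch (SecurityException e) {
            // AccessControlException (thrown by the default manager) extends SecurityException
            return label + ": denied (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) {
        // Build the actions before installing the manager so that the lambda classes are
        // already defined and nothing in the demo depends on class loading under the sandbox.
        Runnable readFile = () -> new File(PROBE_PATH).exists();
        Runnable dropManager = () -> System.setSecurityManager(null);

        // 1. No SecurityManager: code runs with the full privileges of the java process.
        System.out.println("[no manager]   " + attempt("read " + PROBE_PATH, readFile));

        // 2. Install the JDK's default SecurityManager. Under the default policy, code on
        //    the class path gets no FilePermission and no RuntimePermission("setSecurityManager"),
        //    which is roughly the position of sandboxed applet code.
        System.setSecurityManager(new SecurityManager());
        System.out.println("[with manager] " + attempt("read " + PROBE_PATH, readFile));

        // 3. The check that matters here: sandboxed code asking to remove the manager is
        //    refused with a SecurityException. The Update 10 bug let an applet get back to
        //    state 1 from state 2 without passing this check.
        System.out.println("[with manager] " + attempt("System.setSecurityManager(null)", dropManager));
    }
}
```

Compile and run it with `javac SecurityManagerDemo.java && java -Djava.security.manager=allow SecurityManagerDemo`. The first attempt succeeds because nothing is sandboxed yet; the second and third are refused by the installed manager. The point of the answer above is that an exploit which manages to null out the manager from inside step 2 is back in step 1, with whatever access the java process itself has.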