Yet Another Java Security Flaw Found

Researchers at Security Explorations today disclosed a new vulnerability in Java that could provide an attacker with control of a victim's computer.

"A malicious Java applet or application exploiting this new issue could run unrestricted in the context of a target Java process such as a web browser application. An attacker could then install programs, view, change, or delete data with the privileges of a logged-on user," Security Explorations CEO Adam Gowdiak wrote in an email to Computerworld.

"And unlike the bug in Java 7 that was actively exploited by hackers to install malware on users’ machines until it was patched at the end of last month -- also first spotted by Security Explorations four months earlier -- this security flaw also affects older versions of Java including Java 5 and Java 6," writes Forbes' Andy Greenberg. "That means more than a billion users are affected, according to Oracle’s count of desktop computers running the software."

"The affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421," writes Softpedia's Eduard Kovacs. "The company has provided Oracle with a complete technical description of the flaw, along with source and binary codes, and a proof of concept that demonstrates the complete security sandbox bypass in Java SE 5, 6 and 7."

"Oracle doesn’t issue critical patch updates for Java until the middle of October," writes Betabeat's Steve Huff. "Whether much of the planet’s population waiting for this hole to be fixed will goose them into moving faster to fix the problem remains to be seen."