Posted 10 April 2010 - 01:19 PM
Posted 15 April 2010 - 06:15 PM
Computerworld - Oracle today patched a critical Java vulnerability that is being exploited by hackers to install malicious software.
The security update to Java SE 6 Update 20 patches a bug disclosed last Friday by Google security researcher Tavis Ormandy, who spelled out how attackers could run unauthorized Java programs on a victim's machine by using a feature designed to let developers distribute their software. Only systems running Windows are at risk.
Oracle's patch appears quick and dirty, Ormandy said. "They've completely removed the vulnerable feature, literally replaced with 'return 0,'" he said on Twitter.