If you own one of the world’s billion or so Windows computers, we are sorry to inform you it probably contains a Java vulnerability that could allow a malicious attacker to sidestep Java security and exploit your browser.
According to Softpedia, most browsers are vulnerable:
The researchers have confirmed that Java SE 5 – Update 22, Java SE 6 – Update 35, and Java SE 7 Update 7 running on fully patched Windows 7 32-bit operating systems are susceptible to the attack.
The affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421.
Researchers at Security Explorations, who have made it their business to pick out all the vulnerabilities in Java, have given Oracle a full breakdown of the problem complete with source code and proof-of-concept demonstrations of how the exploit might work.
Oracle doesn’t issue critical patch updates for Java until the middle of October. Whether much of the planet’s population waiting for this hole to be fixed will goose them into moving faster to fix the problem remains to be seen.
Follow Steve Huff via RSS. firstname.lastname@example.org