Researchers claim to have found more zero-day vulnerabilities in Java

Graham Cluley

A security research team that has alerted Oracle to a series of security flaws in Java in the past says that it has uncovered new zero-day vulnerabilities in the software.

According to an update posted by Polish firm Security Explorations, it has sent proof-of-concept code to Oracle’s security team so they can investigate the issue.

The concern is that the flaws could be exploited to completely bypass Java’s security sandbox and infect computers in a similar fashion to the attacks which recently troubled the likes of Facebook, Apple and Microsoft.

In those cases, cybercriminals hacked legitimate websites and planted code which exploited Java vulnerabilities when developers visited using web browsers that had a vulnerable version of the Java plugin.


Update from Security Explorations

Softpedia reports Security Explorations CEO Adam Gowdiak as saying:

"Both new issues are specific to Java SE 7 only. They allow to abuse the Reflection API in a particularly interesting way... Without going into further details, everything indicates that the ball is in Oracle's court. Again."

So, many computer users find themselves in what is becoming a disturbingly familiar situation – looking to see when Oracle will confirm that the flaws exist, and then waiting for the inevitable security update for Java.

Here’s the best piece of advice we can give you right now:

If you don’t need Java enabled in your browser, here’s how to turn it off now

Many people who have Java enabled in their browser simply do not need it (by the way, don’t mix up Java with JavaScript – they’re different things), so the best solution for many folks is to remove Java from their browser entirely.

If you don’t need Java, why put yourself at risk?

Dirty cup of coffee image from Shutterstock.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.
