Friday, August 31, 2012

Oracle: You know how we said we fixed that Java hole? Uh ... never mind.

If you've applied the patch mentioned in the previous post, and not just disabled/uninstalled Java as recommended, you should be aware of this:

Researchers said they've uncovered a flaw in the Java 7 update released by Oracle on Thursday that allows attackers to take complete control of end-user computers.

In retrospect, I should have been more skeptical about a patch that got shipped after four months of silence, seemingly only because enough of a stink started getting made about it.

No comments: