Security News for Monday, January 14 2013

According to this post, Microsoft is set to release an out-of-band patch today for a recently released zero-day vulnerability affecting Internet Explorer. This flaw does not appear to affect Internet Explorer versions 9 or 10.

Oracle has released an patch to plug a critical hole in Java. This is a critical vulnerability as the flaw can allow Java applications to break out of the sandbox protections implemented by the Java Virtual Machine.

This article discusses the Java patch mentioned above and how some security researchers think there are still issues in the product. From the article:

Security researcher Adam Gowdiak from Security Explorations has been keeping an eye on the software flaws in Java over the past year. Once Gowdiak analyzed the latest update to Java, he found that the patch still leaves a number of “critical security flaws,” according to Reuters. This statement, mirrored by AlienVault Labs’ Jaime Blasco who branded Oracle’s offering as a “mess,” was later reinforced by the firm’s recommendation against using the software.

“We don’t dare to tell users that it’s safe to enable Java again,” Gowdiak commented.

This entry was posted in Security News. Bookmark the permalink.