Oracle Java JRE 1.7 allows untrusted code
Overview
Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions.
Description
The Oracle Java Runtime Environment (JRE) 1.7 allows users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems.
The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle’s document states, “If there is a security manager already installed, this method first calls the security manager’s checkPermission method with aRuntimePermission("setSecurityManager")permission to ensure it’s safe to replace the existing security manager. This may result in throwing a SecurityException".
More here: http://www.kb.cert.org/vuls/id/636312
About Pagoda Technologies IT services
Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.
Let's Get Started!
Whether you need IT consulting, cybersecurity, or infrastructure support, our team is ready to help.
Get your free assessment today and discover how ClearPath Technology can align your IT strategy with your business growth.