Java security update: 36 vulnerabilities, 34 remotely exploitable

mparlane | karma 1116 | avg karma 3.62 · 2014-01-14 22:28:45

Anyone who uses gerrit?

wglb | karma 64679 | avg karma 7.38 · 2014-01-14 22:38:13+00:00

Too numerous to mention.

wiserat | karma 2 | avg karma 2.0 · 2014-01-14 22:45:17+00:00

Applet sandbox related holes only affect applets, which most Java developers don't use. There are other vulnerabilities from time to time, but the bulk are related to the browser plug in applet sandbox and related deployment exploits.

Off the top of my head Twitter, Google, Amazon and most of the largest Internet services use Java/JVM on the web...

reply

awnird | karma 2062 | avg karma 13.84 · 2014-01-14 22:48:28+00:00

Apple, Amazon, Twitter, Google, Red Hat etc.

There is a big difference between server side and client side Java.

reply

baq | karma 14757 | avg karma 2.44 · 2014-01-14 22:13:46+00:00

that's more holes than swiss cheese has... i can't name any other software that fixes this many remote exploits in a single release...

flatline | karma 5341 | avg karma 4.29 · 2014-01-14 22:15:48

I seem to recall that Windows 2000 had large releases to patch remotely exploitable bugs, but that was a whole other era in the field of security.

smrtinsert | karma 2231 | avg karma 1.42 · 2014-01-14 22:45:00+00:00

Ok well, compare it to software projects on the same scale. When you're talking about an installed base of hundreds of millions across a variety of platforms things get a little complicated.

tptacek | karma 394296 | avg karma 6.04 · 2014-01-14 22:16:46

Discussion yesterday: https://news.ycombinator.com/item?id=7054790

mytummyhertz | karma 76 | avg karma 3.62 · 2014-01-14 22:18:01+00:00

anyone have writeups for any of these CVE's?

gnud | karma 2407 | avg karma 4.49 · 2014-01-14 22:29:59

I'm beginning to suspect their vulerabilities are intentional, to trick me into accidentally installing the Ask toolbar.