Monday, October 11, 2010

Java 6u21 Seven Issues Summary

Several months after I contacted Oracle to inform them about ten issues in Java applet security, they will release an important update of Java today.

It fixes several security issues, seven of which were found by me in May.

There will be some posts on this blog describing the issues and an impact analysis.

In particular, the issues are, in order of impact, the following:

Disclosure Timeline
20th Apr - 6 May 2010: Advisories sent to Oracle
25th June 2010: Oracle Confirms all issues
12 Oct 2010: Java update 22 released which fixes 7 out of 10 issues.
11-20 Oct 2010: Minded Security Advisories publicly disclosed.

All the issues were found by Stefano Di Paola of Minded Security

1 comment :

  1. Hi,

    the issues you disclosed are really the result of some great work! My biggest respect for this.

    But now I have a problem. I have an applet which determines the MAC addresses of users and sends the results via JavaScript xmlhttp calls to a server-side script for analysis. This applet does not work anymore because of the update Oracle released.
    Is there still a way you know of for me to get the MAC addresses of the users via the applet method? The applet was really important to my company's network security, so I would be really, really glad if you had a solution for us.

    Thank you in advance.