
Researchers have discovered a vulnerability that bypasses the Java security settings designed to protect against hidden exploits.


Researchers from the security company Security Explorations have found a vulnerability in the Java security settings that are designed to provide protection against hidden exploits. The flaw allows potential attackers to bypass the security restrictions and perform a drive-by attack in the victim's browser.

Note that the ability for users to specify security settings was introduced by the developers in December last year, in Java 7 Update 10. The settings allow you to set limits on running Java applications in the web browser. The most “rigorous” of the four possible levels blocks all applications that do not have a legitimate signature.

At the same time, the head of Security Explorations, Adam Gowdiak, said that none of the proposed restrictions can resist intruders.

“What we found was that unsigned Java code could be successfully run on the target Windows system, no matter what restriction settings are set in the Java Control Panel,” Gowdiak wrote in a message on SecLists.

The expert also noted that the breach has been precisely confirmed only for Java 7 Update 11 on Windows 7. Currently, the relevant information about the vulnerability and the PoC code for it have already been sent to the developers at Oracle.