Your Path to I.T. Enlightenment

Pagoda Blog

Oracle Java JRE 1.7 allows untrusted code

August 28, 2012

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions.

Overview

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions.

Description

The Oracle Java Runtime Environment (JRE) 1.7 allows users to run Java applications in a browser or as standalone programs. Oracle has made the JRE available for multiple operating systems.

The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle's document states, "If there is a security manager already installed, this method first calls the security manager's checkPermission method with aRuntimePermission("setSecurityManager")permission to ensure it's safe to replace the existing security manager. This may result in throwing a SecurityException".

More here: http://www.kb.cert.org/vuls/id/636312

Return to Pagoda Blog Main Page

As your trusted IT service partner, Pagoda Technologies is here to help you achieve your near and long-term business goals through reliable and affordable IT support.

Pagoda Technologies

101 Cooper Street

Santa Cruz, CA 95060

831-419-8000

Contact us for a free IT consultation

Get in touch

Join our newsletter

Want IT to serve you better?

Subscribe

Are you an existing client and need IT Support?

Open a Ticket Here

831.419.8000

Free IT Consultation