Authored by: mbouckaert on Tuesday, January 29 2013 @ 02:12 PM EST
Apparently, the problems that won't go away are in the
plugin code rather than in the JVM itself.
If you're just running a Java app. from the command line, I
have not seen a CVE that says you're not safe.
If you're running a Java app. or applet from a browser, all
bets are off, on all OS's.
The vulnerabilities I have seen described relate to
downloading and executing malevolent code as the currently
logged in user.
So it won't take the whole machine over. Sure, SELinux /
AppArmor will restrict where that code may be put or whether
it can be marked executable. Still, it can be read and
re-executed whenever the page is revisited - which may well be
the next time you start the browser - and proceed to sniff
all your passwords.
Just limit your browsing to a small whitelist if the Java
plugin is enabled.
---
bck