Threat Post

Java Sandbox Bypass Discovered that Breaks Latest Update

Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new ...
TechRepublic

Work with Java Web Start beyond the sandbox

Java Web Start can make deploying Java apps a breeze, but it may prevent those apps from accessing needed resources. Find out how to use Java Network Launching Protocol and application signing to ...
Threat Post

Oracle Addresses Java’s Symptoms, But Doesn’t Cure Sickness

Security experts are lukewarm on Oracle’s security plans for the Java browser plug-in, largely because they don’t address code innate to the platform’s security sandbox which has been bypassed in a ...
eWeek

New Java Vulnerability Allows Sandbox Bypass, Security Firm Says

In this episode of eSpeaks, Jennifer Margles, Director of Product Management at BMC Software, discusses the transition from traditional job scheduling to the era of the autonomous enterprise. eSpeaks’ ...
Dark Reading

Java Security Feature FAIL: Researcher Bypasses Java Sandbox, Security Settings

Zero-day bugs in Java have been coming fast and furious lately. In the latest twist, a researcher says he was able to cheat built-in security features in Java applications. Adam Gowdiak, founder and ...
CSOonline

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java Spring ecosystem. Maintainers of Thymeleaf, a widely used template engine for ...
PC World

Researchers Find Critical Vulnerability in Java 7 Patch Hours After Release

Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the ...