On 06/19/2013 01:29 AM, Dhiru Kholia wrote:
Some recent news,
http://www.theregister.co.uk/2013/06/14/java_june_critical_patch_update/
"The majority are vulnerable through browser plugins, 11 of which are
exploitable for complete control of the underlying operating system,"
said Ross Barrett, senior manager of security engineering at Rapid7.
Not that I am stepping up to defend Java plugins, but let's not be
overly alarmist here. TheReg's article indeed points out some severe
vulnerabilities, but they should not be 'exploitable for complete
control of the underlying operating system' unless there is another
vulnerability, e.g. in the kernel.
The quote above is from another article, and in my personal opinion it
is overly shrill. As a general observation, security companies might
just have a slight bias hyping up threats, but not to worry because they
can also offer inexpensive and convenient solutions.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
