The new Java 0Day examined (The H)
Posted Aug 31, 2012 5:18 UTC (Fri) by CChittleborough
Parent article: The new Java 0Day examined (The H)
Java sandboxes untrusted applets by having library methods that do possibly-dangerous things check for permission first. It's a tedious, finicky approach that requires programmers who work on low-level library classes to think carefully about security. That the Oracle team either ignored the security implications of Expression.execute() or bungled the checking says something very bad about Oracle's project management. Erk.
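As an added illustration of the check-then-act pattern the comment describes (not code from the commenter, Oracle or the JDK; the class and method names are invented, and it assumes a SecurityManager-era Java runtime), here is a guarded library method next to the same method with the check forgotten:

```java
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.PropertyPermission;

// Added illustration of the check-then-act pattern described in the comment.
// Class and method names are invented; this is not JDK code.
public final class SandboxCheckDemo {

    // Correct shape for a privileged library method: first ask the security
    // manager whether *every* caller on the stack holds the permission, and
    // only then do the sensitive work under the library's own privileges.
    static String guardedReadProperty(final String name) {
        AccessController.checkPermission(new PropertyPermission(name, "read"));
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(name));
    }

    // Defective shape: the same work with the check forgotten. doPrivileged
    // stops the stack walk at this (trusted) class, so if a sandboxed applet
    // can reach this method, the sandbox no longer constrains the read.
    static String unguardedReadProperty(final String name) {
        return AccessController.doPrivileged(
                (PrivilegedAction<String>) () -> System.getProperty(name));
    }

    public static void main(String[] args) {
        // Run with a manager installed (java -Djava.security.manager ...);
        // on Java 18 and later -Djava.security.manager=allow is also needed,
        // as the SecurityManager mechanism is deprecated for removal there.
        if (System.getSecurityManager() == null) {
            System.out.println("no SecurityManager installed; checks are no-ops");
        }
        String prop = "user.home"; // not in the default policy's readable set
        try {
            System.out.println("guarded: " + guardedReadProperty(prop));
        } catch (AccessControlException e) {
            System.out.println("guarded: denied (" + e.getPermission() + ")");
        }
        // With a policy that grants this class AllPermission but grants the
        // caller nothing, the unguarded path returns the value anyway.
        System.out.println("unguarded: " + unguardedReadProperty(prop));
    }
}
```

The difference between the two methods is a single line, which is the "tedious, finicky" property the comment is pointing at: one omitted check in trusted library code is enough to undo the sandbox.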