Details concerning a Java virtual machine bug have been published by a Google researcher. In fact, with the help of the bug, it is possible to run unauthorized programs on your computer.
On Friday the attack was revealed by Tavis Ormandy from Google who notified about the flaw Oracle’s Sun team. As a matter of fact, it turned out that the company considered that the vulnerability was not so high and it was unable to break their quarterly patch cycle although Ormandy disagreed.
Moreover, Oracle refused to comment on the problem. Recently Oracle launched a major Java update last week and it is attempting to set patches which will be available in July.
Due to the attack, hackers are able to run unauthorized Java programs installed on the machine of a victim. It is possible to do this as Java lets developers tell the Java virtual machine to install changeable Java libraries. A malicious program of an attacker can run by means of creation of a malicious library and then it is required to tell the JVM in order to install it.
According to the chief security architect with FireEye, Marc Maiffret, Oracle is doing wrong not focusing on the vulnerability.
Actually the bug is nasty as it is able to create a flaw in Java. But it should be mentioned that Java attacks are rare nowadays and instead of creating a brand-new type of attack, criminals are more likely to use already known vectors like the browser or Adobe Reader.
