On 06/19/2013 01:29 AM, Dhiru Kholia wrote:
Some recent news, http://www.theregister.co.uk/2013/06/14/java_june_critical_patch_update/ "The majority are vulnerable through browser plugins, 11 of which are exploitable for complete control of the underlying operating system," said Ross Barrett, senior manager of security engineering at Rapid7.
Not that I am stepping up to defend Java plugins, but let's not be overly alarmist here. TheReg's article indeed points out some severe vulnerabilities, but they should not be 'exploitable for complete control of the underlying operating system' unless there is another vulnerability, e.g. in the kernel.
The quote above is from another article, and in my personal opinion it is overly shrill. As a general observation, security companies might just have a slight bias hyping up threats, but not to worry because they can also offer inexpensive and convenient solutions.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel