On Oct 16, 2012, Oracle corporation released Java SE Critical Patch Update, which incorporated fixes for 19 security issues that Security Explorations reported to the company earlier this year. This included a fix for a serious issue found shortly after the out-of-band patch was released by Oracle on Aug 30, 2012. This is yet another update to the saga of SE-2012-01.
6b5435fb50ec423d0d75cecaf2ec4e9f387a00115a379abfa7af4f7c3ac321d8
Security Explorations has announced that they have discovered yet another sandbox bypass of Oracle Java and have reported little in the way of details until the vendor fixes the issue. It currently affects all versions of Java. It's probably best to just keep Java off in your browser for now.
37fdc8d80a0b4d0df3960ac7a955595a2cb6e9d1152e90d378fc9a7f71ec1745
Security Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software. This is IBM's implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead to the complete compromise of a target IBM Java environment.
867ac9eef17a67029d0c83a32794fd6f14dae99bbb8a7705e718b79b7bd50592
Security Explorations does not agree with Apple's evaluation of a vulnerability they reported. They have decided to release proof of concept code to demonstrate a bypass vulnerability in Apple QuickTime Java extensions.
c2aeee9d3f479037cf3a1177e445be5a6068ad94532c3d4c68af96ada0b39421
This is a presentation called Security Vulnerabilities of Digital Video Broadcast Chipsets. It is from a talk given at the Hack In The Box security conference in Amsterdam in 2012.
b5085e8431fb1a7e2bbeb1de39c969addc0919c9cb22fbe8c72602adfcfcf41b
This is a presentation called Security Threats in the World of Digital Satellite Television. It is from a talk given at the Hack In The Box security conference in Amsterdam in 2012.
61103d4ce9bcf58777deab4ee4ff4c33b39828de0f9c1efaefc51fa159e8fffc
Security Explorations found 19 weaknesses in Java SE security that can allow for sandbox bypass.
4661663296ec5c8cd7a92c27196e3d31e5a2e1f0580d5ae12fa10ebb2109f69b
Bypass and malicious action vulnerabilities exist in the Java mobile technology as included with the Sun Wireless Toolkit version 2.5.2.
1f505dac18beb6e9fd267b8cde6249cf62d99f115a9f5cdcfafc12ac67f5ef59
Two very serious security vulnerabilities in Java technology for mobile devices (Java 2 Micro Edition) affects about 250 million mobile phones coming from Nokia, Siemens, Panasonic, Samsung, Motorola and others. Sun has refused to release an alert regarding these issues. Information about these flaws has been published at Hack In the Box Security Conference earlier this month in Kuala Lumpur, Malaysia.
b5205c34f95361edb616b9b5160c4caade01ca0f30aebdbc019a5cfb22606cd6