possibly noteworthy wrote: Google's Security team has discovered vulnerabilities in the Sun Java Runtime Environment that threatens the security of all platforms, browsers and even mobile devices. "This is as bad as it gets."
In general I try to keep stuff I do in the office out of this blog, but I thought it worth coming back to clarify that this particular bug does not impact the wide array of platforms indicated in this press report. The only OS I've confirmed that this impacts is Linux. It specifically does not impact Windows. It may or may not impact other operating systems. The fact that Java runs on lots of platforms does not immediately imply that bugs in Java impact all platforms. In this case as a POC was released it was really easy to verify that Windows was not impacted. I've stuck my foot in my mouth in communications with the press about technical issues in the past, so nothing personal to the people interviewed here, but they are wrong in this case, and the real story, frankly, is EEYE's bug, which is, well, also easy to "verify." RE: Dangerous Java flaw threatens virtually everything |