Will sandboxing the JVM protect us from another zero-day exploit?


News: Will sandboxing the JVM protect us from another zero-day exploit?

  1. It's time to download another security patch.

    If you're on the Oracle mailing list, you should have received a security alert on Thursday evening indicating that it was once again time to apply another security fix.

    Hopefully this fix will gum up the hole that was identified earlier on in the week when FireEye Inc. warned of a new zero-day vulnerability affecting the latest version of Java, which is being actively exploited by cyber criminals. "We have seen this unpatched exploit being used in limited targeted attacks," wrote Atif Mushtaq, a senior researcher at Milpitas, Calif.-based FireEye. A more in depth discussion of the exploit can be found at our sister site, searchsecurity.com

    On a bit of a side note, searchsecurity.com also threw out the idea of perhaps 'sandboxing' the JVM to a greater extent to make it more secure. Essentially, take that trusted code base and make it 'not-so-trusted' anymore so that it becomes much more difficult for exploits to reach into registry setting and configuration files. Or perhaps users of the JVM just have to accept the fact that when a piece of software becomes this popular, there will inevitably be nefarious people actively looking to find exploits, and applying the occasional security fix is just par for the course.

    Attack code surfaces targeting Java zero-day flaw

    Java sandboxing could thwart attacks, but design may be impossible

    Critical Patch Updates, Security Alerts and Third Party Bulletins



    Threaded Messages (1)

  2. signed applets[ Go to top ]

    What about signed applets? There are a lot of signed applets out there. If the jvm is sandboxed this wouldn't work anymore.