1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Three-year-old IBM patch for critical Java flaw is broken

Discussion in 'Network World' started by RSS, Apr 5, 2016.

  1. RSS

    RSS New Member Member

    Security researchers have found that a patch released by IBM three years ago for a critical vulnerability in its own Java implementation is ineffective and can be easily bypassed to exploit the flaw again.

    The broken patch was discovered by researchers from Polish firm Security Explorations who found the vulnerability and reported it to IBM in May 2013. IBM issued a fix in a July 2013 update for its Java development kit.

    IBM maintains its own implementation of the Java virtual machine and runtime. This version of Java is included in some of the company's enterprise software products, as well as in the IBM Software Developer Kit, which is available for platforms like AIX, Linux, z/OS and IBM i.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page