Posted on 2013-1-15 20:58:00
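Reply to 張家輝's post #14
Oracle's current solution does not completely solve the problem;
it only changes the JVM's internal security setting from Medium to High.
This is like taking fever medicine to hold on for now. Everyone should keep an eye on Oracle's new announcements.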
Oracle Security Alert for CVE-2013-0422
Description
This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
The fixes in this Alert include a change to the default Java Security Level setting from "Medium" to "High". With the "High" setting, the user is always prompted before any unsigned Java applet or Java Web Start application is run.
For the full text, see http://www.oracle.com/technetwor ... 3-0422-1896849.html