Over two years and no fix for Java
Security specialist Sami Koivu has released details of a security vulnerability in Java which he reported to Sun in 2008. Tests by heise Security confirm that it remains unpatched.
The vulnerability concerns the JFileChooser dialog, which can be used by Java applets to rename files without user interaction. A slightly modified version of the demo applet running under the current version 1.6.0_23 of Java is able to move a link from the desktop to another folder. With a little refinement, this modification of the local file system (something which unsigned applets are not supposed to be able to do) could be used to far more iniquitous ends.
The real scandal is that Koivu informed Sun Microsystems, then the owner of Java, of the problem back in 2008. His blog posting details his original bug report to Sun, Sun's response and his reply to that response. The incident is all the more serious because vulnerabilities in Java are now routinely used to infect PCs with malware. According to data from Microsoft's Malware Protection Center, in 2010 Java was the most frequent target for attacks by malicious web sites. It's going to be interesting to see how long it takes Oracle, which acquired Sun in 2009, to produce a patch.