Java falls three times at Pwn2Own
Published March 7th, 2013 at 5:12 PM EST, modified March 7th, 2013 at 5:12 PM EST
Every year, the CanSecWest security conference hosts an infamous competition called Pwn2Own. The basic idea of the contest is to “pwn,” or hack, different web browsers or technologies. Hacks must involve previously unknown vulnerabilities, and winners not only get a sizable cash prize but also win the computer that they hacked (thus the “Pwn2Own” name).
Yesterday, on the first day of the competition, Java itself was on the list of targets, and it found itself skewered not once, not twice, but a total of three times. No big surprise for those of us who have been covering Java vulnerabilities for a while, but it does mean we’re likely to see another round of Java updates and Apple disabling the vulnerable versions of Java. Worse, Oracle has threatened that the most recent version of Java 6 was the last one, so those reliant on Java may find that Apple washes its hands of Java 6 for good.
As always, quit using Java if you can, and if you can’t, you’re going to need to start taking some fairly extreme precautions. See “Java is vulnerable… Again?!”