Researchers have discovered a flaw in the latest version of Oracle's Java
runtime environment that attackers can exploit to remotely execute malicious
code on end user machines.
The bug in the Java Web Start component has been confirmed exploitable on all
recent versions of Windows by Tavis Ormandy, a security researcher who prefers
his employer not be named. Fellow researcher Ruben Santamarta of Spain-based
security firm Wintercore, said a related flaw potentially affects Linux users as