
"The attack was injected into the site's HTML, so any engineer who visited the site and had Java enabled in their browser would have been affected," Sullivan told Ars, "regardless of how patched their machine was."

It's criminal how Oracle can release production code with so many security holes. It seems like every week there is a new Java-based exploit.



Some of these vulns are extremely old. I read the Oracle security bulletin, which says some of them date back to 1.4.2. (Oracle is still willing to support such old versions if you pay for it.)



