Forum Thread: The Relevance of Insecurities in Java.exe files in Mathematica 7 ...

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Wolfram Research
And, this specific program:
Mathematica 7.x

This thread has been marked as locked.
BILLHIGG The Relevance of Insecurities in Java.exe files in Mathematica 7 Player
Member 9th Sep, 2009 16:03
Ranking: 0
Posts: 2
User Since: 23rd Aug, 2009
System Score: N/A
Location: N/A
I have contacted Wolfram Research to indicate the insecure Java.exe files found by Secunia PSI.
Their reply is : -
"We are aware of the issue, however the threat to
your system is negligible. Mathematica Player lacks the necessary
internet access and execution abilities for someone to access the security holes from outside your computer. Even a trojan in Mathematica code would not be able to make use of it due to the limitations of player. Now if someone already had access to your system they could indeed make use of these security holes. Of course if they have that much access, it is already far to late and those holes are meaningless."
Is this true? Particularly the last sentence.


Slamgeden RE: The Relevance of Insecurities in Java.exe files in Mathematica 7 Player
Member 10th Sep, 2009 09:23
Score: 0
Posts: 181
User Since: 17th Jul 2009
System Score: N/A
Location: N/A
Not at all. Keep in mind that Java is very internet-aware, not to mention, other software or a browser could use the insecure version of Java. However, it's still a typical attitude from "non-security people".

--
Assorted Fnords.
Was this reply relevant?
+0
-0
BILLHIGG RE: The Relevance of Insecurities in Java.exe files in Mathematica 7 Player
Member 10th Sep, 2009 15:04
Score: 0
Posts: 2
User Since: 23rd Aug 2009
System Score: N/A
Location: N/A
Thanks Slamgeden I appreciate your input.
I have updated all my installed software (including Mathematica 7 Player) and I am now 100% clean.
This latter statement is somewhat ambiguous since there are still some vulnerabilities in programs without known fixes.
Was this reply relevant?
+0
-0
Slamgeden RE: The Relevance of Insecurities in Java.exe files in Mathematica 7 Player
Member 11th Sep, 2009 08:36
Score: 0
Posts: 181
User Since: 17th Jul 2009
System Score: N/A
Location: N/A
Last edited on 11th Sep, 2009 08:37
The Personal Software Inspector is only meant for the home users. Home users have no need to know if software has unpatched security holes. It doesn't help them. If your security needs are greater, buy the CSI.

--
Assorted Fnords.
Was this reply relevant?
+0
-0

This thread has been marked as locked.