Security researchers at Poland-based Security Explorations have posted a set of ominous exploits on their blog, all 30 of which relate directly to Oracle’s famed Java Cloud Service.
The service, which relies on Java architecture to provide millions of users with a reliable, fast, and light method of storing their files in the cloud, is just as susceptible to cracks as the software it’s built on top of. This will concern many who are all too familiar with the web app’s notoriously weak security standards.
Normally, you would see these types of announcements only after Oracle has had a chance to patch all the holes mentioned in the report. However, the team behind the discovery thought early publication necessary after the company continuously refused to acknowledge the holes, despite a series of emails and several months spent in between fixes.
In the absence of a response from Oracle, the netsec firm decided to take matters into its own hands, openly publishing the exploits for all to see in an effort to convince the Java dealer that the issues were important enough to warrant the impromptu announcement.
“The company openly admits it cannot promise whether it will be communicating resolution of security vulnerabilities affecting their cloud data centers in the future,” Adam Gowdiak, CEO of Security Explorations, said.
The primary concern for anyone beholden to the service right now should be the code execution bugs, which enable anyone with the proper code to root around personal servers, change settings, and even launch programs within virtualized environments that are supposedly impervious to these types of attacks.
“Security Explorations verified that a malicious Java code exploiting a combination of identified vulnerabilities could be executed on a WebLogic server instance of arbitrary users of Oracle Java Cloud Service.”
Oracle’s Java Cloud Service first went into operation in early 2011 as a response to the growing interest in companies like Salesforce, which were quickly (and somewhat unexpectedly) encroaching on the market that Oracle has held a vice grip on for the past 15 years.