‘Crypto Bug of the Year’ Fixed — Update Java NOW - Security Boulevard

Thumbs Down for Oracle: A ridiculously dumb flaw in Java’s signature checking code is now patched. The Elliptic Curve Digital Signature Algorithm (ECDSA) allowed a “blank” signature to be waved through. Doctor Who fans will recognise the reference in the “Psychic Signatures” moniker.

Duke isn’t looking so chipper recently. In today’s #SBBlogwatch, we wonder what other nasties are lurking in Java. At @SecurityBlvd: https://t.co/WYbjGGurPW

— @Richi 😷 Jennings (@RiCHi) April 25, 2022