Oracle patches a critical bug in Java 15 and above, which lets attackers forge TLS certificates and signatures, two-factor authentication messages, and more (Dan Goodin/Ars Technica)

Dan Goodin / Ars Technica:
Oracle patches a critical bug in Java 15 and above, which lets attackers forge TLS certificates and signatures, two-factor authentication messages, and more  —  A failure to sanity check signatures for division-by-zero flaws makes forgeries easy.  —  Organizations using newer versions …

from Techmeme https://ift.tt/71Zk2jz