Crypto bug of the year

Oracle fixes Java's cryptographic vulnerability of the year, which affects Java 15 and above

Oracle pushed out a security update yesterday to fix a vulnerability that allowed attackers to forge certain types of SSL certificates and handshakes, two-factor authentication information, and authorization credentials generated by a range of widely used open standards. The vulnerability lets an attacker easily digitally sign files and other data. It affects the implementation of ECDSA (Elliptic Curve Digital Signature Algorithm) in Java 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to digitally authenticate messages.