The same team of Polish researchers who discovered a critical security hole in Oracle’s Java software say that they uncovered another such hole, which could be used to bypass Java’s secure application “sandbox” – this time on many more versions of Java.
Researchers at Security Explorations, based in Poland, discovered the flaw in Oracle’s Java Standard Edition (SE) and developed a proof-of-concept exploit for it that permits “complete Java security sandbox bypass,” according to the company’s CEO, Adam Gowdiak.
Writing in an email response to questions from Naked Security, Gowdiak said that he couldn’t discuss details of the vulnerability, beyond saying that the flaw:
“allows to violate a fundamental security constraint of a Java Virtual Machine (type safety).”