Oracle's emergency Java patch brings sandbox bypass
Oracle's latest patch to close up several vulnerabilities that were being actively exploited in the wild may not have been enough, with researchers now claiming that even the latest patch (Version 7 Update 7) contains yet another vulnerability.
Researchers at Security Explorations have been scrutinising Java as part of a research project, and were able to confirm on the Bugtraq mailing list on Friday afternoon that the previous vulnerabilities discovered had been closed by the latest patch. The company also claimed that it disclosed these vulnerabilities to Oracle in April 2012. However, the latest patch (update 7) may have another vulnerability that allows an attacker to escape the Java Virtual Machine sandbox in a different manner to the previous exploit.
- Fri, 2013-04-19 05:32
- Tue, 2013-03-05 06:54
- Fri, 2013-03-01 10:43