Researchers Find More Zero-Day Vulnerabilities in Java
The two flaws, when combined, can be leveraged to bypass the Java security sandbox.
Security Explorations researchers recently uncovered two new security flaws in Java.
"Oracle has been provided with the details of the newly uncovered bugs, but so far, it has only confirmed receiving the information," writes Softpedia's Eduard Kovacs. "Most likely, the company will confirm the existence of the flaws in the upcoming days."
"Security Explorations CEO Adam Gowdiak told Softpedia that it tested the flaw in the original release of Java 7, as well as in Java 7 Updates 11 and 15," writes Ars Technica's Jon Brodkin. "Java 7 Update 15 is the latest version released last week. 'When combined, the flaws can be leveraged to achieve a complete bypass of the Java security sandbox,' Softpedia wrote."
"The new vulnerabilities affect only Java 7, said Gowdiak ... Java 6, which Oracle has officially retired from support, does not contain the bugs," writes Computerworld's Gregg Keizer. "Java has faced an increasing number of 'zero-day' vulnerabilities, bugs that are exploited by criminals before those flaws are patched, or even known by the vendor. Oracle has been forced to rush out patches twice this year to close those holes."