Friday, January 18, 2013

Fresh vulnerabilities plague Java 7 Update 11

Security Explorations, a vulnerability research firm based in Poland, claims to have discovered two new vulnerabilities in Java 7 Update 11. In a message sent to the Full Disclosure mailing list, Security Explorations founder Adam Gowdiak said that the company's researchers "have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21)."

The message went on to say that two new vulnerabilities had been discovered and reported to Oracle today, accompanied by working Proof of Concept exploit code. Per Security Explorations' own disclosure policy, details about the vulnerabilities will not be publicly disclosed until Oracle releases a fix.

The Vendor Status page on the Security Explorations web site shows the following update dated January 18, 2013:
  • Vulnerability Notice along with a Proof of Concept code are sent to Oracle corporation (Issues 51 and 52).
  • Oracle confirms successful reception and decryption of the vulnerability report. The company informs that it will investigate based on the data provided and get back to us soon.
  • Oracle provides tracking numbers for Issues 51 and 52.
For more information, please visit the following Security Threat Center article.
