eWeek: Polish firm Security Explorations says that Oracle's recently released emergency Java patch has a security vulnerability of its own. According to the firm, the flaw could allow attackers to bypass the JVM sandbox. "I cannot share more details about the nature of the new bug. [But] when combined with some of the Apr 2012 issues, this new issue can facilitate a successful code execution attack on latest Java SE 7 Update 7," said Security Explorations CEO Adam Gowdiak.
Oracle is investigating the issue.