Oracle Java Patch Has Security Flaw, Researchers Say

Update fixes one vulnerability but creates another.

eWeek: Polish firm Security Explorations says that Oracle's recently released emergency Java patch has a security vulnerability of its own. They say the update could allow attackers to bypass the JVM sandbox. "I cannot share more details about the nature of the new bug. [But] when combined with some of the Apr 2012 issues, this new issue can facilitate a successful code execution attack on latest Java SE 7 Update 7," said Security Explorations CEO Adam Gowdiak.

Oracle is investigating the issue.




Tags: Java, Oracle, security vulnerabilities, update, sandbox


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.