[SE-2012-01] New security issues affecting Oracle's Java SE 7u15 Feb 25 2013 08:04AM
Security Explorations (contact security-explorations com)

Hello All,

We had yet another look into Oracle's Java SE 7 software that
was released by the company on Feb 19, 2013. As a result, we
have discovered two new security issues (numbered 54 and 55),
which when combined together can be successfully used to gain
a complete Java security sandbox bypass in the environment of
Java SE 7 Update 15 (1.7.0_15-b03).

Following our Disclosure Policy [1], we provided Oracle with
a brief technical description of the issues found along with
a working Proof of Concept code that illustrates their impact.

Both new issues are specific to Java SE 7 only. They allow to
abuse the Reflection API in a particularly interesting way.

Without going into further details, everything indicates that
a ball is in Oracle's court. Again.

Thank you.

Best Regards
Adam Gowdiak

Security Explorations
"We bring security research to the new level"

[1] Security Explorations - Disclosure Policy

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus