Hole in MS security brews Java storm

Applet slips past JVM security.

Another security hole in Microsoft Java Virtual Machine (JVM) that allows a computer to be manipulated freely by a rogue applet, has been uncovered by a researcher at the University of Marburg in Germany.

Karsten Sohr of the University of Marburg discovered it is possible to break through JVM's security with a piece of code that violates Java typing rules but is not detected by Microsoft's JVM verifier.

The exploit was highlighted on popular online security forum The Risks Digest by experts from Princeton University who claim to have developed an applet that illustrates the flaw.

The Princeton experts say they have contacted Microsoft which is currently working on a fix.