
Oracle's emergency Java patch brings sandbox bypass

Users who quickly patched against the recent Java zero-day may have just opened themselves up to yet another vulnerability.
Written by Michael Lee, Contributor

Oracle's latest patch to close up several vulnerabilities that were being actively exploited in the wild may not have been enough, with researchers now claiming that even the latest patch (Version 7 Update 7) contains yet another vulnerability.

Researchers at Security Explorations have been scrutinising Java as part of a research project, and were able to confirm on the Bugtraq mailing list on Friday afternoon that the previous vulnerabilities discovered had been closed by the latest patch. The company also claimed that it disclosed these vulnerabilities to Oracle in April 2012.

However, the latest patch (update 7) may have another vulnerability that allows an attacker to escape the Java Virtual Machine sandbox in a different manner to the previous exploit.

According to Security Explorations, it has sent Oracle proof-of-concept code that demonstrates the vulnerability in the latest patch, and it is awaiting confirmation. The research firm has not released any code to the public, stating that it will write up a technical paper on the issue, though only once Oracle has made a patch available.
