Home page logo

bugtraq logo Bugtraq mailing list archives

[SE-2012-01] New security issues affecting Oracle's Java SE 7u15
From: Security Explorations <contact () security-explorations com>
Date: Mon, 25 Feb 2013 09:04:58 +0100

Hello All,

We had yet another look into Oracle's Java SE 7 software that
was released by the company on Feb 19, 2013. As a result, we
have discovered two new security issues (numbered 54 and 55),
which when combined together can be successfully used to gain
a complete Java security sandbox bypass in the environment of
Java SE 7 Update 15 (1.7.0_15-b03).

Following our Disclosure Policy [1], we provided Oracle with
a brief technical description of the issues found along with
a working Proof of Concept code that illustrates their impact.

Both new issues are specific to Java SE 7 only. They allow to
abuse the Reflection API in a particularly interesting way.

Without going into further details, everything indicates that
a ball is in Oracle's court. Again.

Thank you.

Best Regards
Adam Gowdiak

Security Explorations
"We bring security research to the new level"

[1] Security Explorations - Disclosure Policy

  By Date           By Thread  

Current thread:
  • [SE-2012-01] New security issues affecting Oracle's Java SE 7u15 Security Explorations (Feb 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]