New critical vulnerability detected in Java
According to security researchers, a new critical vulnerability has been detected in Java that can fully circumvent the security sandbox implemented in a number of Java versions.
Reporting the flaw on the Full Disclosure mailing list, Adam Gowdiak, founder and CEO of Security Explorations, which announced the flaw, said that the newly detected vulnerability affects "all latest versions of Oracle Java SE software."
Gowdiak also pointed out that the new flaw allows "a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7," so it is evident that the vulnerability is worse than the earlier exploits, which only impacted Java 7.
Security Explorations confirmed that the exploit has been tested and works on a fully patched 32-bit Windows 7 system under Firefox, Internet Explorer, Opera, Chrome, and Safari. Gowdiak also said that the new vulnerability makes way for the violation of "a fundamental security constraint of a Java Virtual Machine."
Claiming that the new Java vulnerability puts as many as "one billion users" at risk, Security Explorations said that it has already provided Oracle with a technical description of the issue, along with binaries and source code to exploit the flaw and establish its existence.