
Polish security firm Security Explorations has discovered two new vulnerabilities in Java.



From Threatpost:
Very little of the attack was officially disclosed by the company but CEO Adam Gowdiak did acknowledge that the vulnerability only affects Java’s SE 7 software – which saw Update 15 released last Tuesday – and according to reports, stems from a problem with Java Reflection API.

Gowdiak and his team at Security Explorations have proved adept at finding holes in the much-maligned Java over the past year or so. The company previously developed a sandbox escape for versions 5, 6, and 7 of the software last fall before advocating for the removal of the framework.

The latest Java vulnerability is apparently unrelated to a separate vulnerability Gowdiak found last fall that Oracle claimed it would wait until February to fix that could’ve given an attacker free rein over a user’s computer by using a malicious Java applet.
  Two More Java Zero Days Found by Polish Research Team