From: Fredrik Jonson
Newsgroups: comp.lang.java.programmer
Subject: Re: JDK 1.7.0_07 and JDK 1.6.0_35 are out
Date: 1 Sep 2012 06:38:25 GMT

Hmm,

There are now reports of another sandbox-breaking exploit, that has not been
patched in the Java 7u7 release.

"As in the case of the earlier vulnerabilities, Gowdiak says, this flaw allows
an attacker to bypass the Java security sandbox completely [...] Unlike the
earlier vulnerabilities, no known exploit of the new flaw has yet been found in
the wild, but Gowdiak says he included proof-of-concept code with the report to
demonstrate that an exploit is indeed possible. Oracle has not acknowledged that
the new vulnerability actually exists, but it has confirmed that it has received
Security Explorations' vulnerability report and is analyzing it."

http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/

-- 
Fredrik Jonson