After an exploit in the latest Java 7 framework was discovered, Oracle (ORCL) responded with an emergency patch to fix the problem. The company’s quickness, however, may have opened the door to more vulnerabilities in the Java software. While the patch fixed the original exploit, it introduced a new vulnerability that allows an attacker to bypass the Java Virtual Machine sandbox. Researchers at Security Explorations discovered the exploit and have sent a proof of concept to Oracle, and they are currently waiting to hear back. The research firm has not released the code to the public, although it plans to write a technical paper on the issue once it has been patched. The latest exploit follows a string of vulnerabilities found in Java over the past year.
- Technology & Electronics