A new Java vulnerability has surfaced that apparently affects all Java runtimes and therefore puts close to a billion users at risk:
It’s just a proof of concept for now, but a newly revealed Java vulnerability could have very widespread repercussions.
Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. This error is caused by a discrepancy with how the Java virtual machine handles defined data types (a type-safety error) and in doing so violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java sandbox.
Security Explorations conducted tests on a fully patched Windows 7 machine, and was able to exploit the bug using the Java plugin in the latest versions of most popular browsers (Internet Explorer, Firefox, Chrome…