The company will patch the security hole in a future CPU

Sep 26, 2012 10:02 GMT

Adam Gowdiak, the CEO of Polish firm Security Explorations, reveals that Oracle has confirmed the existence of the sandbox bypass vulnerability, which affects all versions of Java SE. Security Explorations found the flaw just in time for Oracle’s JavaOne 2012 conference.

Oracle assigned the issue a tracking number and promised to address it in a future Java SE Critical Patch Update (CPU).

According to the researchers, this newly discovered security hole – which can be leveraged to “violate a fundamental security constraint” of Java Virtual Machines – impacts all of the nearly one billion desktop computers on which the software is currently installed.

They found that attacks could be successfully launched against Java SE 5, 6 and 7, running on a fully patched Windows 7 32-bit operating system.

Internet Explorer 9, Safari 5.1.7, Opera 12, Chrome 21, and Firefox 15 are all affected.