It's uncertain when these vulnerabilities will be fixed

Feb 13, 2014 14:30 GMT

Security Explorations has informed me that Oracle has confirmed the existence of the 30 Java Cloud Service security issues reported to the company in late January. 

All of the 30 flaws have been confirmed by Oracle. Over half of them can be exploited to completely bypass the Java security sandbox.

Security Explorations CEO Adam Gowdiak says that Oracle has not informed them of any specific plans regarding the security fixes. However, Oracle will provide the security research firm with status updates on the 24th of each month.

According to Gowdiak, the nature of these vulnerabilities shows that Oracle hasn’t put too much effort into making sure that the Java Cloud Service is secured properly.

“They illustrate known and widely discussed security risks related to Java. They also expose weak understanding of Java security model and attack techniques by Oracle engineers,” he said.