IDG News Service – (International) Researchers find critical vulnerability in Java 7 patch hours after release. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released August 30 that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. Security Explorations sent a report about the vulnerability to Oracle August 31 together with a proof-of-concept exploit, the security company’s founder and CEO said. Oracle broke out of its regular 4-month patching cycle August 30 to release Java 7 Update 7, an emergency security update that addressed three vulnerabilities, including two that were being exploited by attackers to infect computers with malware since the week of August 20. Java 7 Update 7 also patched a ―security-in-depth issue which, according to Oracle, was not directly exploitable, but could have been used to aggravate the impact of other vulnerabilities.
Ali Loney, on August 31, 2012