A flaw identified in the latest version of Java allows for a complete bypass of the Java security sandbox, a security firm reported today. Meanwhile, a security hole recently fixed by Oracle is being targeted by attackers, underscoring the importance of installing patches quickly.
The security firm Security Explorations said today that it sent a "Vulnerability Notice along with a Proof of Concept code" to Oracle, and that Oracle has confirmed receiving the notice. "The company informs that it will investigate based on the data provided and get back to us soon," Security Explorations said.
Security Explorations CEO Adam Gowdiak told Softpedia that the company tested the flaw in the original release of Java 7, as well as in Java 7 Updates 11 and 15. Java 7 Update 15 is the latest version, released last week. "When combined, the flaws can be leveraged to achieve a complete bypass of the Java security sandbox," Softpedia wrote.