Hang on to Your Seats, Another new Security Hole has been Found in Java

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

By Akemi Iwaya on April 24th, 2013

If you were one of the people who promptly updated the Java installation on your system last week, then you probably felt like things should be in good shape for a bit. Guess again. As seems to be the pattern lately, another new security hole has already been found that affects all versions of Java 7 including the latest release.

The latest security hole was found in the Reflection API and affects all Java 7 (JRE 7) versions including last week’s 1.7.0_21-b11 release. An unusual aspect of the security hole is its presence in the JRE Plugin, JDK software, and Server JRE. The ability for the new exploit to wholly affect a system is dependent on the amount of access the user allows though.

From the Full Disclosure blog post: The new flaw was verified to affect all versions of Java SE 7 (including the recently released 1.7.0_21-b11). It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper user interaction (a user needs to accept the risk of executing a potentially malicious Java application when a security warning window is displayed).

You can read more about the latest security hole at the blog posts linked below…

Note: If you do not need Java on your system, we recommend uninstalling it entirely or disabling the browser plugin.


[SE-2012-01] Yet another Reflection API flaw affecting Oracle’s Java SE [Full Disclosure Mailing List Archives – Seclists.org]

[via The H Security and Sophos Naked Security Blog]

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 04/24/13
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!