Security Explorations has successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11.
2c0a7f2862f4d546c45170b13f44126996fbdec8d1119e3f9d1012ddc23afa5a
Hello All,
This post might be interesting for those concerned about the
state of Oracle's Java SE security.
We have successfully confirmed that a complete Java security
sandbox bypass can be still gained under the recent version
of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).
MBeanInstantiator bug (or rather a lack of a fix for it [2][3])
turned out to be quite inspirational for us. However, instead
of relying on this particular bug, we have decided to dig our
own issues. As a result, two new security vulnerabilities (51
and 52) were spotted in a recent version of Java SE 7 code and
they were reported to Oracle today [4] (along with a working
Proof of Concept code).
Thank you.
Best Regards
Adam Gowdiak
---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------
References:
References:
[1] Oracle Security Alert for CVE-2013-0422
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
[2] Java 7 Update 11 Addresses the Flaw Partly Fixed in October 2012,
Experts Say
http://news.softpedia.com/news/Java-7-Update-11-Addresses-the-Flaw-Partly-Fixed-in-October-2012-Experts-Say-320792.shtml
[3] Confirmed: Java only fixed one of the two bugs
http://immunityproducts.blogspot.com.ar/2013/01/confirmed-java-only-fixed-one-of-two.html
[4] SE-2012-01 Vendors status
http://www.security-explorations.com/en/SE-2012-01-status.html
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed