[SE-2012-01] New security issue affecting Java SE 7 Update 7

September 3, 2012 by  
Filed under Security News



Hello All,

On 30 Aug, an out-of-band patch was released by Oracle [1], which
among other things incorporated fixes for the issues exploited by
the recent Java SE 7 attack code (ClassFinder / MethodFinder bugs).

One of the fixes incorporated in the released update also addressed
the exploitation vector with the use of the sun.awt.SunToolkit class.
Removing getField and getMethod methods from the implementation of
the aforementioned class caused all of our full sandbox bypass Proof
of Concept codes [2] not to work any more (please note that not all
security issues that were reported in Apr 2012 got addressed by the
recent Java update).

Today we sent a security vulnerability report along with a Proof of
Concept code to Oracle. The code successfully demonstrates a complete
JVM sandbox bypass in the environment of the latest Java SE software
(version 7 Update 7 released on Aug 30, 2012). The reason for it is
a newly discovered security issue that made some of our not yet
addressed bugs possible to exploit again.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Oracle Security Alert for CVE-2012-4681
    http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
[2] SE-2012-01 Proof of Concept Codes (technical information)
    http://www.security-explorations.com/en/SE-2012-01-poc.html
Source: http://www.seclists.org

