The already poor security reputation of Oracle's Java software platform has taken another knock after further security issues were found by researchers.
Once again, the alert comes from Polish company Security Explorations that has discovered two major flaws which, in combination, can be used to completely bypass the Java sandbox.
Speaking to Softpedia, the chief executive of Security Explorations, Adam Gowdiak, said the issues are specific to Java Standard Edition 7 and use the Reflection application programming interface which Oracle said "is powerful, but should not be used indiscriminately".
The exploit works against the latest Java SE 7 update 15, released by Oracle a few days ago, Security Explorations claim.
Security Explorations has notified Oracle and provided sample code for the vulnerabilities.
Thanks to multiple and frequent weaknesses, Java has become the favoured attack vector of digital miscreants.
Java zero-day exploits have been used to compromise employees' computers at Facebook, Microsoft and Apple and to build large botnets.
Oracle has said it intends to sort out Java's security problems. Meanwhile, security experts recommend that users disable Java in browsers or if they don't need it, to remove it completely from their systems.
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
