Posted by Security Explorations on Apr 12
Hello All,
We discovered that yet another fix for a security vulnerability in IBM
Java (Issue 70 [1] assigned CVE-2013-5456) we reported to the company
in 2013 hasn’t been fixed properly.
Again, the actual root cause of the issue hasn’t been addressed at all.
There were no security checks introduced anywhere in the code. The patch
primarily addressed the scenario illustrated by a Proof of Concept code.
It didn’t take into account…