[SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42)

Posted by Security Explorations on Oct 21

Hello All,

The Oracle Critical Patch Update released yesterday incorporates a fix
for a Java SE 7 vulnerability (Issue 42) that was discovered while
investigating the security of Google App Engine. Its technical details
and POC code can be found at the following address:

http://www.security-explorations.com/en/SE-2014-02-details.html

Issue 42 is caused by improper initialization of interface method
slots in a HotSpot VM. As a result, protected…
