Current versions of IBM SDK 7 and SDK 8 remain vulnerable to a 2013 Java vulnerability. Security Explorations discovered the original patch is broken and disclosed details on the flaw and a proof-of-concept exploit.
Tag Archives: Adam Gowdiak
Emergency Java Patch Re-Issued for 2013 Vulnerability
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013.
Broken 2013 Java Patch Leads to Sandbox Bypass
A patch for a critical 2013 Java vulnerability is incomplete, and exposes Java servers and clients to a sandbox bypass, researchers at Security Explorations of Poland said.
Custom Google App Engine Tweak Still Leads to Java Sandbox Escapes
Researchers at Security Explorations say a change Google made to the Java security model as it is implemented in the Google App Engine leads to sandbox escapes.
Java Reflection API Woes Resurface in Latest Oracle Patches
Oracle’s Critical Patch Update addresses 154 vulnerabilities, many of which are remotely exploitable. Security Explorations of Poland, meanwhile, published details on a number of Java flaws in the Java Reflection API.