A week after disclosing two Java vulnerabilities, a Polish security firm reported finding five more in the latest version of Java. When used together, the new holes could bypass the technology’s sandbox in order to install malware.
Security Explorations notified Oracle Monday of the vulnerabilities in Java SE 7 Update 15. Along with details of the flaws, Security Explorations also supplied proof of concept code.
Oracle did not respond to a request for comment.
Separately, the flaws do not pose a security problem, the company said. However, when linked together, they can enable someone to bypass the Java’s anti-exploit sandbox technology. Security Explorations said it had not seen the vulnerabilities exploited in the wild.
The latest vulnerability report follows a week after the same company reported two other holes in Oracle’s latest plug-in used to run Java applications in a browser.
Click here to read more.