Those who rushed to deploy the latest Java update to plug the remotely exploitable vulnerability aren’t done yet. It looks like the new version can still be exploited, this time through two new security vulnerabilities.
Adam Gowdiak, security researcher and founder of Security Explorations, released the warning today on Seclists.org Full Disclosure:
“We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 (JRE version 1.7.0_11-b21).
…As a result, two new security vulnerabilities were spotted in a recent version of Java SE 7 code and they were reported to Oracle today (along with a working Proof of Concept code).”
This is a serious concern, as many companies need Java and can’t simply “turn it off”. Hopefully another security update will be released soon.