IDG News Service – (International) Researchers find critical vulnerability in Java 7 patch hours after release. Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released August 30 that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system. Security Explorations sent a report about the vulnerability to Oracle August 31 together with a proof-of-concept exploit, the security company’s founder and CEO said. Oracle broke out of its regular 4-month patching cycle August 30 to release Java 7 Update 7, an emergency security update that addressed three vulnerabilities, including two that were being exploited by attackers to infect computers with malware since the week of August 20. Java 7 Update 7 also patched a “security-in-depth issue” which, according to Oracle, was not directly exploitable, but could have been used to aggravate the impact of other vulnerabilities.

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.