A security researcher claims to have found five new vulnerabilities in Oracle's Java technology that could allow a malicious hacker to bypass safety features in the latest version of the technology.
If used in concert, the five security holes could enable an attacker to run malicious code outside of the Java "sandbox," a virtual container that is used to run untrusted code. That is according to a post on the Full-Disclosure security discussion list on Monday by Adam Gowdiak of the Polish security firm Security Explorations.
Java is a ubiquitous technology that runs on billions of devices and web pages, which has made it a popular target for cyber criminals and otherwise motivated attackers. Recently, exploits for previously unknown ("zero day") holes in Java have been used in targeted attacks against developers at Twitter, Facebook, and Apple, breaching the security of those organizations. An exploit of a separate Java "zero day" is believed to be linked to the hack at security firm Bit9, which resulted in a malicious program being added to Bit9's "whitelist" of approved applications.