Researchers from Security Explorations, a Poland-based vulnerability research firm, claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software's security sandbox and execute arbitrary code on computers.
Oracle released Java 7 Update 11 last Sunday as an emergency security update in order to block a zero-day exploit used by cybercriminals to infect computers with malware.
Security Explorations successfully confirmed that a complete Java security sandbox bypass can still be achieved under Java 7 Update 11 (JRE version 1.7.0_11-b21) by exploiting two new vulnerabilities discovered by the company's researchers, Adam Gowdiak, the company's founder, said Friday in a message sent to the Full Disclosure mailing list. The vulnerabilities were reported to Oracle on Friday, together with working proof-of-concept exploit code, he said.
According to Security Explorations' disclosure policy, technical details about the vulnerabilities will not be publicly disclosed until the vendor issues a patch.