It’s been quite a hard month for Oracle’s Java.
First, back in late August the Java browser plug-in was found to be vulnerable to an exploit that could make all PCs using browsers with the Java plug-in installed open to malware by visiting a malicious website. Thankfully, Oracle didn’t wait for its October patch to fix the issue, and released a patch just a few days later.
Only that wasn’t the end of it. A security company announced the day after the patch that another vulnerability in the Java software had been found. Meanwhile, the news came that Oracle knew about the exploits but did not fix them until news of them forced their hand.
Today, security company Security Explorations has once again called out Oracle for an exploit found in Java. The new exploit affects all the latest versions of Java SE software, including Java SE 5, 6, and 7. The company’s CEO, Adam Gowdiak stated that their tests were able to bypass Java’s security sandbox. The tests used a fully updated version of 32-bit Windows 7 and modern browsers. Anyone using Firefox, Chrome, Internet Explorer, Opera, or Safari is vulnerable.
Gowdiak said in an email that the company has notified Oracle of the exploit. He also told ComputerWorld in an interview that, thankfully, there is not yet any evidence of attacks that use the newly revealed exploit.