Latest Java Update Broken; Two New Sandbox Bypass Flaws Found

msm1267 writes "Oracle's long security nightmare with Java just gets worse. A post to Full Disclosure this morning from a security researcher indicated that two new sandbox bypass vulnerabilities have been discovered and reported to Oracle, along with working exploit code. Oracle released Java 7u11 last Sunday and said it fixed a pair of vulnerabilities being exploited by all the major exploit kits. Turns out one of those two bugs wasn't completely patched. Today's bugs are apparently not related to the previous security issues."

Re:Just let it die already

[Antipater]

To be fair, coding your way out of a paper bag sounds pretty difficult.

Unless you have a robot with poking capabilities inside the bag with you, of course.

Enough already

[mark-t]

While admittedly this could reasonably qualify as news for nerds, the exploits that are being discovered in Java these days are happening with such rapidity now that it truly seems like a complete waste of time and effort to report them all individually. They are so frequent now as to border on spam.

If they keep this up...

[mandark1967]

Adobe is gonna get jealous.

Comment removed

[account_deleted]

Comment removed based on user account deletion