Yet another unpatched security hole found in Java
by Carol~ - 4/23/13 12:49 PM
Just last week Oracle issued a critical security patch for Java, and strongly advised computer users to update their systems as soon as possible.
If you did update your Java installation, give yourself a pat on the back.
Done that? Good. Because, unfortunately, the celebrations need to be short-lived as a security researcher now claims to have found yet another as-yet-unpatched flaw, which affects all versions of Java SE 7.
Adam Gowdiak, of Polish Security Explorations, has made a name for himself in the past discovering numerous Java zero-day vulnerabilities.
In an internet posting, Gowdiak claims to have sent to Oracle a report about a reflection API vulnerability in the newly shipped Server Java Runtime Environment (JRE), notifying them of the new security weakness.
The report filed with Oracle's security team was accompanied by proof-of-concept code, making it easy for the software vendor to test the exploit for themselves.
Continued: http://nakedsecurity.sophos.com/2013/04/23/unpatched-security-hole-java/
For additional postings see today's News Thread: New Java security hole affects desktops and servers