Serious flaw present in latest Java Runtime Environment for desktops and servers, researchers say

Researchers from Security Explorations claim to have found a new sandbox bypass vulnerability in the Java 7 Reflection API component

By Lucian Constantin, IDG News Service |  Security

The researcher took issue with the way Reflection API was implemented and audited for security issues in Java 7, because the component has been the source of multiple vulnerabilities so far. "The Reflection API does not fit the Java security model very well and if used improperly it can easily lead to security problems," he said.

This new flaw is a typical example of a Reflection API weakness, Gowdiak said. This vulnerability shouldn't be present in Java 7 code one year after a generic security problem related to Reflection API was reported to Oracle by Security Explorations, he said.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness