Discovered a dangerous vulnerability in Java 7

Posted: July 23, 2013 in Vulnerability News
Tags: , ,

Java DangerAccording to the statements of experts discovered vulnerability allows an attacker to bypass the sandbox Java.

Representatives of the Polish company Security Explorations announced the discovery of a new vulnerability in Java 7, which allows an attacker to bypass the sandbox software and execute arbitrary code on the system.

To confirm the presence of gaps Adam Gowdiak, CEO and founder of Security Explorations, sent a notice to the PoC-code vulnerability in Oracle. According to the researcher, the vulnerability is present in the Reflection API – functions in Java 7. In the Security Explorations confirmed that the PoC-exploit code works for Java SE 7 Update 25 and earlier versions.

Gowdiak said that the discovered vulnerability could allow hackers to carry out a “classic” attack to destroy the virtual machine Java, which has been known for over 10 years.

“This is one of those risks that should be protected first and foremost, with innovations in Java at the core of the virtual machine. Surprisingly, that protection against this type of attack has not been implemented in the Reflection API for developing Java 7” – said the expert.

According to the researchers, the vulnerability allows an attacker to compromise the fundamental safety functions virtual machine Java. “As a result of the attack fraudster may make changes in the operation of the type conversion” – said Gowdiak. In Java, the operation of this type must follow strict rules in order to access the memory was carried out safely.

Gowdiak criticized Oracle for the presence of vulnerabilities in Java 7 and raised the question of the effectiveness of its software, which is responsible for ensuring the safety and security inspection procedures code.

New Reflection API affected by a known 10+ years old attack: http://seclists.org/fulldisclosure/2013/Jul/172

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s