[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <50408CC6.1010908@security-explorations.com>
Date: Fri, 31 Aug 2012 12:07:02 +0200
From: Security Explorations <contact@...urity-explorations.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [SE-2012-01] New security issue affecting Java SE
7 Update 7
Hello All,
Yesterday, an out-of-band patch was released by Oracle [1], which
among other things incorporated fixes for the issues exploited by
the recent Java SE 7 attack code (ClassFinder / MethodFinder bugs).
One of the fixes incorporated in the released update also addressed
the exploitation vector with the use of the sun.awt.SunToolkit class.
Removing getField and getMethod methods from the implementation of
the aforementioned class caused all of our full sandbox bypass Proof
of Concept codes [2] not to work any more (please note, that not all
security issues that were reported in Apr 2012 got addressed by the
recent Java update).
Today we sent a security vulnerability report along with a Proof of
Concept code to Oracle. The code successfully demonstrates a complete
JVM sandbox bypass in the environment of a latest Java SE software
(version 7 Update 7 released on Aug 30, 2012). The reason for it is
a new security issue discovered, that made exploitation of some of
our not yet addressed bugs possible to exploit again.
Thank you.
Best Regards,
Adam Gowdiak
---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------
References:
[1] Oracle Security Alert for CVE-2012-4681
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
[2] SE-2012-01 Proof of Concept Codes (technical information)
http://www.security-explorations.com/en/SE-2012-01-poc.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists