Hello All, Yesterday, an out-of-band patch was released by Oracle [1], which among other things incorporated fixes for the issues exploited by the recent Java SE 7 attack code (ClassFinder / MethodFinder bugs). One of the fixes incorporated in the released update also addressed the exploitation vector with the use of the sun.awt.SunToolkit class. Removing getField and getMethod methods from the implementation of the aforementioned class caused all of our full sandbox bypass Proof of Concept codes [2] not to work any more (please note, that not all security issues that were reported in Apr 2012 got addressed by the recent Java update). Today we sent a security vulnerability report along with a Proof of Concept code to Oracle. The code successfully demonstrates a complete JVM sandbox bypass in the environment of a latest Java SE software (version 7 Update 7 released on Aug 30, 2012). The reason for it is a new security issue discovered, that made exploitation of some of our not yet addressed bugs possible to exploit again. Thank you. Best Regards, Adam Gowdiak --------------------------------------------- Security Explorations http://www.security-explorations.com "We bring security research to the new level" --------------------------------------------- References: [1] Oracle Security Alert for CVE-2012-4681 http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html [2] SE-2012-01 Proof of Concept Codes (technical information) http://www.security-explorations.com/en/SE-2012-01-poc.html
