Polish researcher Adam Gowdiak has once again found Oracle’s Java vulnerable, and this time the flaw is exploitable in all previous Java SE versions, such as Java 5, 6 and 7.
“A complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7” is said to be even worse than previous exploits because more than one billion users could be affected, Gowdiak wrote on the Bugtraq full disclosure mailing list.
“We’ve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software,” says the full disclosure email. “The impact of this issue is critical – we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7.”
“We hope that news about one billion users of Oracle Java SE software being vulnerable to yet another security flaw is not gonna spoil the taste of Larry Ellison’s morning Java,” said Gowdiak.
Experts warn that disabling the Java plugin in browsers is the best course of action for users who want to avoid the vulnerability.