Zero-Day Java Vulnerability Affects 1 Billion Users

A security research firm known for finding Java bugs has uncovered a new critical zero-day vulnerability in Java 5, Java 6 and Java 7! The issue affects both Windows PCs and Macs, and can only be avoided by removing Java from your browser plug-ins. So far, Oracle has been given a technical overview of the bug and example code outlining the flaw, but has not commented on when a fix will be available. Since this vulnerability apparently affects all Java runtimes, it could put close to one billion users at risk!

We’ve recently discovered yet another security vulnerability affecting all latest versions of Oracle Java SE software. The impact of this issue is critical – we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7. So far, we could only claim such an impact with reference to Java 7 environment (the Apple QuickTime attack relying on Issues 15 and 22 is the only exception here).

