A new exploit for the Java virtual machine has been disclosed by a Google researchers, after reportedly being told by Oracle’s Sun team that they didn’t consider it to be important enough to issue an out-of-cycle patch for it. The next updates are due in July.
The researcher, Tavis Ormandy, says the vulnerability could allow attackers to run unauthorized Java programs on the victim’s computer, which could obviously have some pretty serious consequences. The flaw affects all versions of Java since Java SE 6 update 10 for Windows and possibly Java on Linux, as well. Although Java-based attacks are still rare, it’s certainly something to be aware of if you’re running Java on a mission critical machine.
You can read more here:
http://www.infoworld.com/d/security-central/nasty-java-bug-could-lead-attack-215