“Sandboxing” has been touted as the ultimate security solution, but the protection it offers is only as strong as the sandbox itself. And when there are vulnerabilities in the sandbox that allow attackers to circumvent it, you don’t get much protection at all.
A researcher in Poland, unhappy with Oracle’s dismissal of a flaw he previously reported, decided to dive deeper and found five brand new vulnerabilities in Java SE 7, which would allow an attacker to do just that.
Have you disabled Java on your organization’s computers yet?