Adam Gowdiak, founder and CEO of the Polish security start-up Security Explorations, announced this in an email to the British industry news service "The Register". As with the three security holes already patched by Oracle, the vulnerability that still exists allows an attacker to completely bypass the Java sandbox and install malware on the attacked computer or execute arbitrary code.
At least there is not yet an exploit for the vulnerability "in the wild," Gowdiak continues. However, he sent proof-of-concept code along with his report to Oracle.
Oracle, the custodian of Java, has not yet officially confirmed the new vulnerability, but has acknowledged receipt of the vulnerability report from Poland.
The next Java Critical Patch Update (CPU) is scheduled for 16 October. Whether the vulnerability will be eliminated with it is written in the stars: in the last CPU in June, Oracle had fixed only two of the 29 vulnerabilities that Security Explorations discovered and reported to Oracle in April.
In view of this, users can only be advised to deactivate the Java plug-in in their web browsers or to completely remove Java from the computer.