This is getting a little ridiculous.
The latest build of Java just had two more sandbox-breaking zero-days found in it.
Build your own security joke:
– Firing range
“The seemingly endless list of critical zero day bugs found in Java grew longer today with news that one of the flaws fixed in Oracle’s recent patches for the product is under attack and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be bypassed.
Polish security firm Security Explorations sent details regarding the two vulnerabilities, “issue 54” and “issue 55,” including proof of concept code, to Oracle for review today. Oracle confirmed it has received the information, according to an update to Security Explorations’s bug reporting status page but has not confirmed the flaws.”