Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. The flaw stems from the erroneous way in which the Java virtual machine handles existing data types, which violates a fundamental security constraint in the Java runtime and allows a complete bypass of the Java sandbox.
The exploit was discovered and reproduced on a fully updated 32-bit Windows 7 machine using the Java plugin in all major browsers. Because the issue is in the Java runtime itself, all machines with Java installed are at risk, whether they run Windows, Linux, Solaris or Mac.
So far there have been no reports of this exploit being used in any malware. However, to be on the cautious side, if you do not use Java for any specific purpose, you should uninstall or disable it. If you are unsure whether or not you need Java, you might also remove it and only install it when you identify the requirement.