Tuesday, March 5, 2013

More Java Zero-Day Exploits

A Polish security firm discovered two new vulnerabilities to add to this year's list of Java zero-day bugs. The two newly found vulnerabilities are referred to as “issue 54” and “issue 55.” Apparently, one of the flaws fixed in Oracle’s recent patches for Java is under attack, and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be bypassed. Code that exploits the vulnerability is already being distributed. On the plus side, it appears that the vulnerability only affects Java SE 7 and is associated with a problem in the Java Reflection API. Speaking of Java zero-day vulnerabilities, SecurityObscurity has a post dedicated to CVE-2013-0422.