The new bug is more dangerous than the last one; to protect yourself against attacks, it's best to disable the Java plug-in until Oracle issues a patch.

You disclosed that the bug allows attackers to violate a fundamental security constraint of a Java Virtual Machine (type safety). What could an attacker do by exploiting the newest Java vulnerability?
Gowdiak: A malicious Java applet or application exploiting this new issue could run unrestricted in the context of a target Java process such as a web browser application. An attacker could then install programs, view, change, or delete data with the privileges of a logged-on user.
Java hit by yet another dangerous vulnerability
Posted on Wednesday, September 26 2012 @ 18:52 CEST by Thomas De Maesschalck