Full Disclosure mailing list archives

Re: [SE-2012-01] information regarding recently discovered Java 7 attack

From: Security Explorations <contact () security-explorations com>
Date: Wed, 29 Aug 2012 23:20:10 +0200


On 2012-08-29 23:04, Tim wrote:

Based on the details released so far about the exploit in the wild,
how likely do you think it is that your research may have been leaked?


Currently, it looks more like an independent work than a leak to me.
The way in which SunToolkit class and its getField method is used
to achieve a complete JVM sandbox bypass is different from what was
demonstrated to Oracle (different exploitation path).

Thanks.

-- 
Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 28)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
  - Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
    - Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 29)
    - Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jacqui Caren (Aug 30)
- Re: [SE-2012-01] information regarding recently discovered Java 7 attack Tim (Aug 29)
  - Re: [SE-2012-01] information regarding recently discovered Java 7 attack Security Explorations (Aug 31)
    - Re: [SE-2012-01] information regarding recently discovered Java 7 attack Jeffrey Walton (Aug 31)
- [SE-2012-01] New security issue affecting Java SE 7 Update 7 Security Explorations (Aug 31)