[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack

To: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
From: Security Explorations <contact@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 29 Aug 2012 23:20:10 +0200

On 2012-08-29 23:04, Tim wrote:
> Based on the details released so far about the exploit in the wild,
> how likely do you think it is that your research may have been leaked?

Currently, it looks more like an independent work than a leak to me.
The way in which SunToolkit class and its getField method is used
to achieve a complete JVM sandbox bypass is different from what was
demonstrated to Oracle (different exploitation path).

Thanks.

-- 
Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
  - From: Security Explorations
- Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
  - From: Tim

Prev by Date: Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
Next by Date: [Full-disclosure] [SE-2012-01] New security issue affecting Java SE 7 Update 7
Previous by thread: Re: [Full-disclosure] [SE-2012-01] information regarding recently discovered Java 7 attack
Next by thread: [Full-disclosure] [SE-2012-01] New security issue affecting Java SE 7 Update 7
Index(es):
- Date
- Thread