On Wed, Aug 29, 2012 at 5:20 PM, Security Explorations <[email protected]> wrote:
>
> On 2012-08-29 23:04, Tim wrote:
>> Based on the details released so far about the exploit in the wild,
>> how likely do you think it is that your research may have been leaked?
>
> Currently, it looks more like an independent work than a leak to me.
> The way in which SunToolkit class and its getField method is used
> to achieve a complete JVM sandbox bypass is different from what was
> demonstrated to Oracle (different exploitation path).

A good explanation of the vulnerability is here: "The new Java 0Day examined," http://www.h-online.com/security/features/The-new-Java-0day-examined-1677789.html.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
