<p>Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.</p><p>The vulnerability was reported this week to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.</p><p>According to Gowdiak, the vulnerability is located in the Reflection API (application programming interface), a feature that was introduced in Java 7 and which has been the source of many critical Java vulnerabilities so far. Security Explorations confirmed that its PoC exploit code works against Java SE 7 Update 25 and earlier versions, he said.</p><p>The new issue identified by Security Explorations can allow hackers to implement a 'classic' attack that has been known for at least 10 years, Gowdiak said.</p><p><a href="http://www.macworld.com.au/news/new-vulnerability-found-in-java-7-opens-door-to-10-year-old-attack-researchers-say-102653/">Keep reading...</a></p>