<p>Security researchers from Polish vulnerability research firm Security Explorations claim to have identified a new vulnerability in Java 7 that could allow attackers to bypass the software's security sandbox and execute arbitrary code on the underlying system.</p><p>The vulnerability was reported Thursday to Oracle along with proof-of-concept (PoC) exploit code, said Adam Gowdiak, the CEO and founder of Security Explorations, in a message to the Full Disclosure mailing list.</p><p>According to Gowdiak, the vulnerability is located in the Reflection API (application programming interface), a feature that was introduced in Java 7 and which has been the source of many critical Java vulnerabilities so far. Security Explorations confirmed that its PoC exploit code works against Java SE 7 Update 25 and earlier versions, he said.</p><p>The new issue identified by Security Explorations can allow hackers to implement a "classic" attack that has been known for at least 10 years, Gowdiak said.</p><p><a href="http://www.computerworld.co.nz/article/521385/new_vulnerability_found_java_7_opens_door_10-year-old_attack_researchers_say/">Keep reading...</a></p>