According to a posting yesterday by Adam Gowdiak of Security Explorations to Full Disclosure, Java 7 Update 11 (CVE-2013-0422) is still vulnerable as [...] a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11 (JRE version 1.7.0_11-b21).
The MBeanInstantiator bug hasnt yet been addressed. Yesterday, Security Exploration reported two more vulnerabilities to Oracle along with Proof of Concept code (issue 50 and 51) .
We received several comments from our readers after the patch was released , how many of you have followed CERTs advice to disable Java content in their web browsers after they updated to 7u11? Please take a minute to answer our poll, What is your main concern about Java?
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
I will be teaching SEC 503 in Toronto this coming June
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.