Latest Java Update Broken; Two New Sandbox Bypass Flaws Found

“We have successfully confirmed that a complete Java security sandbox bypass can be still gained under the recent version of Java 7 Update 11,” Java security researcher Adam Gowdiak of Security Explorations in Poland wrote a short while ago on the Full Disclosure mailing list.

Since then, calls to disable or abandon Java have gotten louder. Experts argue that few websites require the Java browser plug-in at the core of so many security issues, and that users would hardly lose any functionality online without running Java.