Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Oracle Java SE Runtime Environment Concurrency Component Vulnerability Allowing Sandbox Bypass and Denial-of-Service

Vulnerability

A vulnerability in the Java Runtime Environment (JRE) component of Oracle Java SE affects versions 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier. The flaw is in the AtomicReferenceArray class, which does not properly verify that its backing array is of the expected Object[] type. As a result, remote attackers could exploit it to crash the Java Virtual Machine (a denial of service) or to bypass Java's sandbox restrictions, which are designed to limit what untrusted code can do.

Impact

Exploitation of this vulnerability can lead to a crash of the Java Virtual Machine or a bypass of Java's sandbox restrictions, allowing untrusted code to execute with greater privileges.

Reproduction

The vulnerability can be reproduced by using an untrusted Java application or applet that manipulates an AtomicReferenceArray object. The application or applet can be delivered through a web browser or via Java Web Start, taking advantage of the insufficient type check to cause a JVM crash or to escape the sandbox's security constraints.

Remediation

Users can upgrade to Oracle Java SE 7 Update 3, 6 Update 31, or 5.0 Update 34. Instructions for downloading these versions are available on the Oracle website.
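A quick way to triage hosts against the fixed levels named above is to parse the output of `java -version` and compare the update number against the last affected update of each family (7u2, 6u30, 5.0u33). The script below is an added example written for this advisory; it is not part of the page or of Oracle's tooling. The sample version strings in it are constructed in the format the JRE prints, not captured from real hosts, and the `LAST_AFFECTED_UPDATE` table is assembled from the version ranges stated in the Vulnerability section.

```python
import re
import subprocess
from typing import Optional, Tuple

# Highest still-vulnerable update per major family, taken from the advisory text:
# 7 Update 2, 6 Update 30 and 5.0 Update 33. Anything above these is a fixed build.
LAST_AFFECTED_UPDATE = {7: 2, 6: 30, 5: 33}

# Matches the legacy "1.<major>.0_<update>" scheme used by Java 5/6/7, e.g.
# java version "1.7.0_02". Java 9+ uses a different scheme and is outside the
# advisory's scope, so it deliberately does not match.
_VERSION_RE = re.compile(r'^(?:java|openjdk) version "1\.(\d)\.0_(\d+)', re.MULTILINE)


def parse_java_version(version_output: str) -> Optional[Tuple[int, int]]:
    """Return (major, update) parsed from `java -version` text, or None if the
    text does not use the legacy 1.x.0_NN numbering."""
    m = _VERSION_RE.search(version_output)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


def is_affected(version_output: str) -> Optional[bool]:
    """True if the runtime falls inside the advisory's affected range,
    False if it is a fixed (or later) build of an affected family,
    None if the family is not covered by the advisory at all."""
    parsed = parse_java_version(version_output)
    if parsed is None:
        return None
    major, update = parsed
    if major not in LAST_AFFECTED_UPDATE:
        return None
    return update <= LAST_AFFECTED_UPDATE[major]


def check_local_runtime() -> Optional[bool]:
    """Classify the `java` on PATH. `java -version` prints to stderr, so both
    streams are joined before parsing."""
    proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    return is_affected(proc.stderr + proc.stdout)


# Constructed sample outputs (hypothetical, not taken from real hosts).
SAMPLES = {
    "7u2 (affected)":      'java version "1.7.0_02"\nJava(TM) SE Runtime Environment (build 1.7.0_02-b13)\n',
    "7u3 (fixed)":         'java version "1.7.0_03"\n',
    "6u30 (affected)":     'java version "1.6.0_30"\n',
    "6u31 (fixed)":        'java version "1.6.0_31"\n',
    "5.0u33 (affected)":   'java version "1.5.0_33"\n',
    "5.0u34 (fixed)":      'java version "1.5.0_34"\n',
    "8u5 (not covered)":   'java version "1.8.0_05"\n',
    "17 (not covered)":    'openjdk version "17.0.2" 2022-01-18\n',
}

if __name__ == "__main__":
    for label, output in SAMPLES.items():
        print(f"{label:20} -> affected={is_affected(output)}")
```

Note that `check_local_runtime()` only inspects the `java` binary found on PATH. Hosts often carry several runtimes (a browser plug-in, a bundled JRE inside an application, a JDK used for builds), so for a thorough inventory run the parser over every installation's `bin/java`, not just the first one on PATH.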

Added: May 15, 2026, 9:17 AM
Updated: May 15, 2026, 9:17 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 10.0
exploitability: 5.9
remediation: 8.3
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.