It’s just a proof of concept for now, but a newly revealed Java vulnerability could have very widespread repercussions.
Security research company Security Explorations has issued a description of a new critical security flaw in Java SE 5 build 1.5.0_22-b03, Java SE 6 build 1.6.0_35-b10, and the latest Java SE 7 build 1.7.0_07-b10. This error is caused by a discrepancy with how the Java virtual machine handles defined data types (a type-safety error) and in doing so violates a fundamental security constraint in the Java runtime, allowing a complete bypass of the Java sandbox.
Security Explorations conducted tests on a fully patched Windows 7 machine, and was able to exploit the bug using the Java plugin in the latest versions of most popular browsers (Internet Explorer, Firefox, Chrome, Safari, and Opera). While the error was only tested on Windows 7 32-bit, being in Java means it is not limited to the Windows platform and will affect anyone with Java installed on their systems, be it Windows, Linux, Mac, or Solaris.