Java patched at least 4 bugs

Immunity products claims oracle patched multiple 0day security holes (not just one) in the recent update.


While doing some fast analysis (keep in mind we only spent an hour and half on it), we find out that they patched at least 4 vulnerabilities in the Java code base: The two used by the Gondvv worm and two more on difference pieces of code.

These 2 vulnerabilities were located in com.sun.beans.finder.ConstructorFinder and com.sun.beans.finder.FieldFinder and the underlying issue was the same “a trusted immedate caller”.