Oh no, not again! Adam Gowdiak of the Security Explorations research team has been hard at work, looking for holes in the latest Java (7u15). Here’s a quote from Mr. Gowdiak’s alert email:

We had yet another look into Oracle’s Java SE 7 software that was released by the company on Feb 19, 2013. As a result, we have discovered two new security issues (numbered 54 and 55), which when combined together can be successfully used to gain a complete Java security sandbox bypass in the environment of Java SE 7 Update 15 (1.7.0_15-b03).

Gowdiak has submitted his findings to Java’s developers, but there has been no official confirmation from Oracle/Sun as yet. Still, I’m cautioning Java users – especially those of us who have Java enabled in our web browsers – to exercise extreme caution, and flagging Java 7u15 as possibly vulnerable.

Ars Technica has more details.