Serial Java fault-finder Adam Gowdiak has embarrassed Oracle yet again. The Polish researcher publicly bragging about two brand-new vulnerabilities hes found even since the most recent patch just a week ago. He hit the headlines last year when he reported a vulnerability, waited for Oracle’s response, and then upped the ante with a comeback vuln. He implies that although it locked the office door in update 7u11, Oracle left the entrance to the building open, which he considered as good as an invitation to find another way in.”]
Source: https://nakedsecurity.sophos.com/2013/01/20/java-hacker-boasts-of-finding-two-more-unpatched-holes/