Adam Gowdiak has reported a new unpatched security vulnerability in Java that affects all Java versions. The vulnerability allows attackers to completely bypass the language’s sandbox and access the underlying system. Java 7 Update 21 contains 42 new security fixes for Oracle Java SE. A majority of these flaws are browse-to-a-hacked-site-and-get-infected vulnerabilities. According to Oracle, 39 of these vulnerabilities may be remotely exploitable without authentication, i.e., they may be exploited over a network without the need for a username and password.
Source: https://thehackernews.com/2013/04/unfixed-reflection-api-vulnerability.html