
[SE-2012-01] Broken Security Fix in Oracle Java SE 7/8/9 - yuhong
http://seclists.org/fulldisclosure/2016/Mar/31
======
yuhong
Java 6 had plenty of security problems, but I do think some of the new
features in Java 7 were probably poorly designed. In this case the new Java 7
feature involved is called "method handles". The attack is called "class
spoofing" I think.

