Two of the items Security Explorations found could be affecting Java SE 6 as well, he said.
“The attack breaks a couple of security checks introduced to Java SE by Oracle over the recent months,” Gowdiak added. “It also exploits code fragments that were missing proper security checks corresponding to the very mirror code.”
Java patch problems remain, say researchers
The discovery of the latest five vulnerabilities comes just a week after Security Explorations reported two other flaws in Oracle’s plug-in used to run Java applications in a browser.
Earlier, Oracle announced that it was speeding up its Java patch process, particularly to address security issues regarding the Java Runtime Environment in desktop browsers.
In recent weeks, security experts have expressed concerns about Oracle’s ability to keep its software safe from attacks following a string of Java patch problems.
Early in February, the United States Department of Homeland Security even urged computer administrators and users to disable Java plug-ins in the browser because of a major vulnerability in the software.
Oracle immediately issued an emergency security update to Java 7. That emergency patch, however, failed to address two new vulnerabilities which could enable attackers to execute arbitrary code on computers.