The security company ‘Security Explorations’ has uncovered what it claims are vulnerabilities in Google App Engine for Java.
The team was able to bypass the existing Java security settings completely, and the organisation has since released the full details of these flaws (including proof) after claiming that Google ignored the security vulnerabilities and warnings.
This follows a series of incidents in 2014, in which Google suspended the company’s access to its Google Java platform over the research that the company was undertaking.
When describing the reasons for making these vulnerabilities public, the Security Explorations blog states that:
“It’s been 3 weeks and we haven’t heard any official confirmation / denial from Google with respect to [the issues]. It should not take more than 1-2 business days for a major software vendor to run the received POC, read our report and / or consult the source code. This especially concerns the vendor that claims its “Security Team has hundreds of security engineers from all over the world”.”
They continued: “Instead of playing a catch and mouse game with Google, we decided to inform the public about the existence of our Google App Engine project and reveal some brief information about the results obtained so far.”
Google has not yet commented.