An unspecified issue related to ObjC code was discovered in the Hotspot component of OpenJDK when use on the Apple MacOS X platform. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. This issue was platform specific and did not affect Linux OpenJDK packages. Statement: Not vulnerable. This issue did not affect the versions of OpenJDK and Oracle JDK as shipped with Red Hat Enterprise Linux 5 and 6.
Public now via Oracle CPU January 2014. Fixed in Oracle JDK 7u51. External References: http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html