Kotlin : SecurityManager checks bypass
Classification
Overview
The application allows insecure method calls from untrusted code. Calling newUpdater, getBundle, getConnection, loadLibrary and some other methods from untrusted code lets an attacker access restricted packages and execute arbitrary code.
Java APIs that execute code using the class loader of the immediate caller should be used with caution. Such calls bypass the SecurityManager mechanism, which checks that sufficient privileges are present throughout the whole call chain. A security check that considers only the immediate caller can lead to privilege escalation, that is, to a situation where an element of the call chain gains access to a resource without holding sufficient privileges. The aforementioned APIs should therefore not be reachable from untrusted code.
A possible attack scenario:
- The application accepts data from an untrusted source as input.
- A security-critical API call that uses the class loader of the immediate caller is made from untrusted code.
- The untrusted code can thereby override the privilege restrictions of its own class loader and access resources with the caller's credentials.
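The scenario above, as an added Kotlin illustration (not code from the original page): a hypothetical trusted helper exposes ResourceBundle.getBundle(String), which resolves the bundle with the class loader of the immediate caller, i.e. the trusted class, so whatever bundle name the untrusted caller supplies is loaded with trusted privileges. The hardened variant restricts bundle names to an allowlist owned by the trusted code and passes a class loader explicitly so the lookup runs with the caller's loader rather than ours. The object names, the allowlist contents and the bundle names are constructed for the example. Note that SecurityManager is deprecated for removal since Java 17 (JEP 411), so the allowlist, not the SecurityManager, is the control that matters on current runtimes.

```kotlin
import java.util.Locale
import java.util.MissingResourceException
import java.util.ResourceBundle

// Hypothetical trusted helper that sandboxed (untrusted) code is allowed to call.
// Vulnerable: ResourceBundle.getBundle(String) uses the class loader of the
// immediate caller, which is this trusted object, so an untrusted caller can
// make trusted code load any bundle name it chooses.
object VulnerableMessages {
    fun message(bundleName: String, key: String): String =
        ResourceBundle.getBundle(bundleName).getString(key)
}

// Hardened variant of the same helper:
//  - the bundle name must be on an allowlist the trusted code controls;
//  - the class loader is passed explicitly, so the lookup is performed with
//    the loader the caller hands in, not with the privileges of this class.
object HardenedMessages {
    // Constructed sample allowlist; a real application lists its own bundles.
    private val allowedBundles = setOf("app.messages", "app.errors")

    fun message(bundleName: String, key: String, callerLoader: ClassLoader): String {
        require(bundleName in allowedBundles) { "bundle not permitted: $bundleName" }
        return try {
            ResourceBundle.getBundle(bundleName, Locale.getDefault(), callerLoader).getString(key)
        } catch (e: MissingResourceException) {
            // Missing bundle or key: return a marker instead of propagating
            // loader details to the untrusted caller.
            "<missing:$bundleName/$key>"
        }
    }
}

fun main() {
    // Simulated untrusted caller: it may only name bundles on the allowlist,
    // and the lookup runs with its own class loader.
    val untrustedLoader = Thread.currentThread().contextClassLoader
    println(HardenedMessages.message("app.messages", "greeting", untrustedLoader))
    try {
        HardenedMessages.message("internal.secrets", "apiKey", untrustedLoader)
    } catch (e: IllegalArgumentException) {
        println("rejected: ${e.message}")
    }
}
```

The first call prints a "<missing:...>" marker unless an app.messages bundle is on the classpath; the second is rejected before any class loader is touched, which is the point: the trusted code decides what may be loaded, rather than lending its loader to whatever the untrusted caller asks for.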
