...
This method delegates the task of dynamically loading the specified class to the Class.forName() method. The forName() method checks only its immediate caller: it delegates the work of loading the class to the calling method's class loader and uses that caller's trusted state to return a Class object of a potentially sensitive class. Because the calling method was MBeanInstantiator.loadClass(), the core class loader is used, which provides no security checks.
Compliant Solution (CVE-2013-0422)
...
Although this method is called in the context of an applet, it uses Class.forName() to obtain the requested class. Class.forName() only validates that the calling class is allowed to access the requested class and then delegates the search to the calling method's class loader. In this case the calling class (com.sun.beans.finder.ClassFinder) is part of core Java and is indeed allowed, even though it acts on behalf of the malicious GetClass method, so the trusting core class loader is used instead of the more paranoid applet class loader.
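The mechanism behind both noncompliant examples above (CVE-2013-0422 and CVE-2012-4681) is that the one-argument Class.forName(String) resolves the name with the loader of whichever trusted class calls it. The following Java program is an added illustration, not the page's compliant solution and not JDK code: the class name CallerScopedClassLookup, the method names, and the restricted-prefix list are constructed for the example. It contrasts the one-argument call with the three-argument Class.forName(String, boolean, ClassLoader), which lets a trusted helper resolve names with the loader of the code it acts for instead of with its own.

```java
import java.util.List;

/** Added example (not from the CERT page): resolve a class name on behalf of an untrusted caller
 *  without lending it this class's trusted class loader. */
public final class CallerScopedClassLookup {

    // Constructed list of package prefixes that an untrusted caller must never resolve through us.
    private static final List<String> RESTRICTED_PREFIXES =
            List.of("sun.", "com.sun.", "jdk.internal.");

    private CallerScopedClassLookup() { }

    /**
     * Loads className using the loader the caller hands us, not the loader that defined this
     * (trusted) class. The one-argument Class.forName(String) would silently use our own loader,
     * which is exactly the delegation the text describes.
     */
    public static Class<?> loadForCaller(String className, ClassLoader callerLoader)
            throws ClassNotFoundException {
        if (callerLoader == null) {
            throw new IllegalArgumentException("an explicit caller loader is required");
        }
        for (String prefix : RESTRICTED_PREFIXES) {
            if (className.startsWith(prefix)) {
                throw new SecurityException("access to " + className + " is not permitted");
            }
        }
        // Three-argument form: resolution is delegated to callerLoader, so classes that are only
        // visible to our trusted loader stay invisible to the untrusted caller.
        return Class.forName(className, false, callerLoader);
    }

    /** Counterpart kept only to show the difference: the caller's loader is never consulted. */
    static Class<?> loadWithOwnLoader(String className) throws ClassNotFoundException {
        return Class.forName(className); // resolves with CallerScopedClassLookup's defining loader
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for an untrusted loader: its only parent is the bootstrap loader,
        // so it sees core classes but nothing on the application class path.
        ClassLoader untrusted = new ClassLoader(null) { };

        // Core classes are visible through the bootstrap parent, so this succeeds.
        System.out.println(loadForCaller("java.lang.String", untrusted).getName());

        try {
            loadForCaller("sun.misc.Unsafe", untrusted);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        try {
            // This class lives on the application class path, so the untrusted loader cannot
            // see it; loadWithOwnLoader() would resolve it without complaint.
            loadForCaller(CallerScopedClassLookup.class.getName(), untrusted);
        } catch (ClassNotFoundException e) {
            System.out.println("not visible to untrusted loader: " + e.getMessage());
        }
        System.out.println(loadWithOwnLoader(CallerScopedClassLookup.class.getName()).getName());
    }
}
```

Compile and run with a JDK 9 or later (List.of). The prefix check stands in for whatever package-access policy a deployment enforces; the essential point is the loader argument, since passing the caller's loader is what keeps a trusted helper from becoming a proxy for the core loader.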
Compliant Solution (CVE-2012-4681)
...