Unrestricted deserializing from a privileged context allows an attacker to supply crafted input which, upon deserialization, can yield objects that the attacker does not have permissions to construct. Construction of a custom class loader is one example (See SEC07SEC12-J. Do not grant untrusted code access to classes existing in forbidden packages and SEC11-J. Do not allow unauthorized construction of classes in forbidden packages).
...
This vulnerability was fixed in JDK v1.6 u11 by defining a new AccessControlContext INSTANCE, with a new ProtectionDomain. The ProtectionDomain encapsulated a RuntimePermission called accessClassInPackage.sun.util.calendar. Consequently, the code was granted the minimal set of permissions required to access the sun.util.calendar class. This whitelisting approach guaranteed that a security exception would be thrown in all other cases of invalid access. Refer to SEC07SEC12-J. Do not grant untrusted code access to classes existing in forbidden packages for more details on allowing or disallowing access to packages.
...