When Java source code is compiled, it is converted into bytecode, saved in one or more class files, and executed by the Java Virtual Machine (JVM). Java class files may be compiled on one machine and executed on another machine. A properly-generated class file is said to be conforming. When the JVM loads a class file, it has no way of knowing whether the class file is conforming. The class file could have been created by some other process, or an attacker could tamper with a conforming class file.

...

Users often assume that Java class files obtained from a trustworthy source will be conforming and, consequently, safe for execution. This belief can erroneously lead them to see bytecode verification as a superfluous activity for such classes. Consequently, they could disable bytecode verification, undermining Java's safety and security guarantees.
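One way to catch this in launch scripts, as an added example that is not part of the original page: a shell check that reports whether a set of JVM options leaves verification of application classes switched on. The HotSpot option names, the left-to-right "last option wins" behaviour, and the function names are assumptions of this example, not taken from the page.

```shell
#!/bin/sh
# Added example: audit JVM options for settings that disable bytecode
# verification of application (non-bootstrap) classes.
# Assumption: HotSpot applies options in order, so the last matching one wins.
# Pass only the JVM options (everything before the main class or -jar).

# verification_state OPTIONS...
# Prints "enabled" or "disabled".
verification_state() {
    state=enabled   # HotSpot default: application classes are verified
    for arg in "$@"; do
        case "$arg" in
            -Xverify:none|-noverify|-XX:-BytecodeVerificationRemote)
                state=disabled ;;
            -Xverify|-Xverify:all|-Xverify:remote|-XX:+BytecodeVerificationRemote)
                state=enabled ;;
        esac
    done
    printf '%s\n' "$state"
}

# audit_launch NAME OPTIONS...
# Returns 0 if verification stays on; otherwise writes a finding to stderr
# and returns 1 so a CI job or wrapper script can refuse to start the JVM.
audit_launch() {
    name=$1
    shift
    if [ "$(verification_state "$@")" = disabled ]; then
        printf 'FINDING: %s runs the JVM with bytecode verification disabled\n' \
            "$name" >&2
        return 1
    fi
    return 0
}

# Constructed sample option sets (not from the page).
audit_launch "app-a (constructed)" -Xmx512m -Xverify:none || true
audit_launch "app-b (constructed)" -noverify -Xverify:all || true
```

Only the first sample produces a finding; in the second, the later `-Xverify:all` turns verification back on.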

...