...

Classes that are loaded by the bootstrap class loader have the permissions needed to call the static factory method Unsafe.getUnsafe(). Arranging to have an arbitrary class loaded by the bootstrap class loader without modifying the sun.boot.class.path system property can be difficult. However, an alternative way to gain access is to use reflection to change the accessibility of the field that holds an instance of Unsafe. This works only when permitted by the current security manager (which would violate rule ENV04-J. Do not grant ReflectPermission with target suppressAccessChecks). Given access to Unsafe, code can throw an undeclared checked exception by calling the Unsafe.throwException() method.
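The reflective route depends on the security policy granting suppressAccessChecks, so a policy audit shows where it is possible. The following added example (not part of the original guideline) scans Java policy-file text in the default policy syntax for grants that allow it; the sample policy is constructed and the function names are hypothetical.

```python
import re

# Constructed sample policy for illustration; not from the page or a real system.
SAMPLE_POLICY = '''
// application policy (constructed example)
grant codeBase "file:/opt/app/lib/-" {
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant signedBy "ops" {
    permission java.security.AllPermission;
};
grant {
    permission java.io.FilePermission "/tmp/-", "read";
};
'''

# Header may contain quoted strings with braces, e.g. "file:${{java.ext.dirs}}/*".
GRANT_RE = re.compile(r'grant\b((?:"[^"]*"|[^{"])*)\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?')

def strip_comments(text):
    """Drop /* */ blocks and whole-line // comments (keeps '//' inside URLs)."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(?m)^\s*//.*$', '', text)

def risky_grants(policy_text):
    """Return (grant scope, reason) for grants that permit suppressing access checks."""
    findings = []
    for header, body in GRANT_RE.findall(strip_comments(policy_text)):
        scope = " ".join(header.split()) or "<all code>"
        for cls, target in PERM_RE.findall(body):
            if cls == "java.security.AllPermission":
                findings.append((scope, "AllPermission implies suppressAccessChecks"))
            elif (cls == "java.lang.reflect.ReflectPermission"
                  and target in ("suppressAccessChecks", "*")):
                # ReflectPermission is a BasicPermission, so "*" covers every target.
                findings.append((scope, "ReflectPermission " + target))
    return findings

if __name__ == "__main__":
    for scope, reason in risky_grants(SAMPLE_POLICY):
        print(f"{scope}: {reason}")
```

Any grant this reports covers code that could reach the Unsafe instance through reflection as described above.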

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

...