...
By providing overridden implementations, an attacker can use untrusted code to glean sensitive information, run arbitrary code, or launch a denial-of-service attack.
See 10 MET52-J. Do not use the clone() method to copy untrusted method parameters for more specific details regarding overriding the Object.clone() method.
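The following is an added example, not code from the original text, showing why a defensive copy made with clone() cannot be trusted when the parameter's class can be subclassed. It assumes java.util.Date as the non-final parameter type; SharedDate, copyWithClone, copyWithConstructor and checkThenUse are hypothetical names constructed for the illustration.

```java
import java.util.Date;

public class CloneCopyDemo {
    // Constructed stand-in for an untrusted subclass: clone() is overridden
    // so the "copy" is the caller's own, still-mutable object.
    static class SharedDate extends Date {
        SharedDate(long millis) { super(millis); }
        @Override public Object clone() { return this; }
    }

    // Weak: trusts whatever clone() the argument's runtime class provides.
    static Date copyWithClone(Date untrusted) {
        return (Date) untrusted.clone();
    }

    // Hardened: builds a plain java.util.Date from the primitive value, so no
    // overridden clone() runs and the class of the result is known.
    static Date copyWithConstructor(Date untrusted) {
        return new Date(untrusted.getTime());
    }

    // Validate-then-use: returns the time the trusted code ends up using
    // after the caller mutates its own reference following the check.
    static long checkThenUse(Date copy, Date callerRef) {
        if (copy.getTime() < 1_000L) {
            throw new IllegalArgumentException("too early");
        }
        callerRef.setTime(0L);   // caller changes its object after validation
        return copy.getTime();   // value the trusted code goes on to use
    }

    public static void main(String[] args) {
        Date a = new SharedDate(5_000L);
        System.out.println("clone copy used:       " + checkThenUse(copyWithClone(a), a));
        Date b = new SharedDate(5_000L);
        System.out.println("constructor copy used: " + checkThenUse(copyWithConstructor(b), b));
        System.out.println("copy class: " + copyWithConstructor(b).getClass().getName());
    }
}
```

With the clone-based copy, the validated value and the value used can differ because both references point at the same object; the constructor-based copy is an independent java.util.Date that later changes to the caller's object do not affect.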
...