The jdk.zipfs module is granted permission to read all system properties in lib/security/default.policy. However, from a scan of the code, it appears to only read the "os.name" system property.

The permissions should be tightened to only grant reading of the specific properties it needs.