Wow, that's serious. We've seen sandbox breakouts from time to time, but the fact that an unsigned Java applet can access the floppy drive is definitely a sign of insecurity that can reach critical proportions. That's quite a heavy blow to Java's security. But ultimately, it's not surprising: even though the virtual machine specification assumes the sandbox is secure, there are always implementations behind it that can have errors at the Java level or even at the actual machine level (in the implementation of the virtual machine itself).

And the fact that the computer had to be rebooted after running the applet, and that access to physical media is possible, suggests that there is just such a deep-rooted implementation problem here.

Technologies don't simply become secure through specification and claims...

You can find the original article at heise online news.