Sun Microsystems addresses critical Java flaws

Powered by SC Magazine
 

Sun Microsystems has released product updates to correct several "highly critical" vulnerabilities in its Java programming environment.

The bugs could be exploited to cause a variety of problems, including a denial-of-service attack, the bypassing of certain security restrictions or to compromise a vulnerable system, according to Secunia, a Copenhagen-based leading vulnerability intelligence provider.

The vulnerabilities affect the Java Runtime Environment Virtual Machine, the Java Runtime Environment (JRE), Java Web Start and the Java Plug-in, Secunia said in an advisory on Thursday.

For instance, a pair of flaws in the Java Runtime Environment Virtual Machine can be exploited by a malicious, untrusted applet to read and write files and execute applications locally, according to Secunia. In some circumstances, a bug in JRE can be exploited by untrusted applets or applications to read certain URL resources or potentially execute arbitrary code, thus taking over the computer.

Among the Java Web Start flaws are three boundary errors that can be exploited by an untrusted Java Web Start application to read and write local files and execute local applications. Another bug could be exploited to create files and run applications with the privileges of the user running the untrusted Java Web Start application. Also, a boundary error in Java Web Start could cause a stack-based buffer overflow when a user visits a malicious website.

Other bugs in the Java Runtime Environment could crash the application or allow JavaScript code within a browser to make connections through Java APIs to network services on the local system, Secunia said.

Sun recommends users should upgrade to the following versions: JDK and JRE 6 Update 5; JDK and JRE 5.0 Update 15, and the SDK and JRE 1.4.2_17.

Sun Microsystems did not respond to request for comment.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Sun Microsystems addresses critical Java flaws
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  3%
 
A Federal Government agency (ATO, Centrelink etc)
  19%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1864

Vote
Do you support the abolition of the Office of the Information Commissioner?