A new flaw confirmed by the developer

Dec 20, 2006 15:02 GMT  ·  By

Java is a runtime environment that lets you run applications and applets built on Java technology. Almost every user has Java installed on their computer, so it is clearly a very popular product.

Because I'm sure you have already installed Java, you should know that a security flaw has been discovered in multiple versions that can allow an attacker to compromise an affected system. Security company Secunia posted an advisory on its site to announce the vulnerability, rating it as highly critical, one of the highest security ratings.

"Two errors exist in the Java Runtime Environment, which can be exploited by malicious, untrusted applets to read and write local files, or to execute local applications. Two errors related to serialisation exist in the Java Runtime Environment, which can be exploited by a malicious, untrusted applet to elevate its privileges," Secunia said.

Sun Microsystems confirmed the vulnerability and issued an advisory with more details about the security flaw. The company said the affected releases are JDK and JRE 5.0 Update 7 and prior, SDK and JRE 1.4.2_12 and prior, and SDK and JRE 1.3.1_18 and prior.

"Two buffer overflow vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet," Sun also added.

If you want to read more information about this new security flaw or if you're interested in the solution provided by the company for fixing the vulnerability, you can follow this link.