Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Windows Affected by Severe Java Flaws! Patch Now!

It could be worse, but not by much!

By Alexandru Dumitru, Security News Editor

5th of October 2007, 08:50 GMT

Adjust text size:



Enlarge picture
Researchers have disclosed multiple vulnerabilities in the Sun Java JRE. These could have been exploited by malicious users to wreak havoc on one's machine; fortunately, they've already been patched. The flaws would affect Windows, Solaris and Linux users. They have been dubbed "highly critical" by Secunia experts, so it is advised to patch up as fast as possible,
if you don't wish to be open to hacker attacks.

Take this seriously, as it can lead not only to exposure of your system or sensitive information, but also to data manipulation, and even worse, to security bypass and system access. The affected software is Sun Java JDK 1.5.x, 1.6.x, Sun Java JRE 1.3.x, 1.4.x, 1.5.x/5.x, 1.6.x/6.x and Sun Java SDK 1.3.x and 1.4.x.

As Secunia informs us, there are many threats posed by the flaws: multiple unspecified errors in the Java Runtime Environment can be exploited by e.g. a malicious applet or by using Java APIs to establish network connections to certain services on machines other than the originating host. Also, multiple unspecified errors in Java Web Start can be exploited by a malicious applet to read/write local files or determine the location of the Java Web Start cache. Furthermore, an unspecified error in the Java Runtime Environment can be exploited to move or copy arbitrary files on the system by e.g. tricking a user into dragging and dropping a file from an applet to a desktop application that has the proper permissions. Surely, all this techie information from Secunia is useful, but what you need to do is stop gazing into the screen and start updating, if you are affected.

So, here are the links that might interest you: on Sun's blog you can find JDK and JRE 6 Update 3
JDK and JRE 5.0 Update 13 SDK and JRE 1.4.2_16
SDK and JRE 1.3.1 for Solaris 8

Also, here are the original advisories from Sun:

Security Vulnerability in Java Runtime Environment With Applet Caching May Allow Network Access Restrictions to be Circumvented
Security Vulnerabilities in Java Runtime Environment May Allow Network Access Restrictions to be Circumvented
Multiple Security Vulnerabilities in Java Web Start Relating to Local File Access
An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application or Applet Window to a Desktop Application.

After you click the link, you need to agree to what they ask you, in order to view the advisory. Have you patched yet?

TAGS:

 Sun | Java | Vulnerabilities


Rating:
Fair (2.8/5) 5 vote(s) so far    

Read by 618 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Java on All New PCs

Sun to Open Source Java

Vulnerability Discovered in Sun Java System

Java Is Vulnerable Due to Gif Images

Sun Announces Support for the Next Generation Mobile Java Platform

Sun Offers Java to the OpenJDK Community

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive