It could be worse, but not by much!

Oct 5, 2007 08:50 GMT

Researchers have disclosed multiple vulnerabilities in the Sun Java JRE. These could have been exploited by malicious users to wreak havoc on one's machine; fortunately, they've already been patched. The flaws would affect Windows, Solaris and Linux users. They have been dubbed "highly critical" by Secunia experts, so it is advised to patch up as fast as possible, if you don't wish to be open to hacker attacks.

Take this seriously, as it can lead not only to exposure of your system or sensitive information, but also to data manipulation, and even worse, to security bypass and system access. The affected software is Sun Java JDK 1.5.x, 1.6.x, Sun Java JRE 1.3.x, 1.4.x, 1.5.x/5.x, 1.6.x/6.x and Sun Java SDK 1.3.x and 1.4.x.

As Secunia informs us, there are many threats posed by the flaws: multiple unspecified errors in the Java Runtime Environment can be exploited by e.g. a malicious applet or by using Java APIs to establish network connections to certain services on machines other than the originating host. Also, multiple unspecified errors in Java Web Start can be exploited by a malicious applet to read/write local files or determine the location of the Java Web Start cache. Furthermore, an unspecified error in the Java Runtime Environment can be exploited to move or copy arbitrary files on the system by e.g. tricking a user into dragging and dropping a file from an applet to a desktop application that has the proper permissions. Surely, all this techie information from Secunia is useful, but what you need to do is stop gazing into the screen and start updating, if you are affected.

So, here are the links that might interest you: on Sun's blog you can find JDK and JRE 6 Update 3, JDK and JRE 5.0 Update 13, SDK and JRE 1.4.2_16, and SDK and JRE 1.3.1 for Solaris 8.

Also, here are the original advisories from Sun:

Security Vulnerability in Java Runtime Environment With Applet Caching May Allow Network Access Restrictions to be Circumvented

Security Vulnerabilities in Java Runtime Environment May Allow Network Access Restrictions to be Circumvented

Multiple Security Vulnerabilities in Java Web Start Relating to Local File Access

An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application or Applet Window to a Desktop Application.

After you click the link, you need to agree to what they ask you, in order to view the advisory. Have you patched yet?
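To answer that question for a given machine, the following added example (not from the article or from Sun) checks the output of `java -version` against the fixed releases listed above. It assumes the classic `1.x.y_zz` version-string format; the function names and sample banners are constructed for illustration.

```python
import re

# Fixed releases named in the article, keyed by release line (major, minor).
# "6 Update 3" -> 1.6.0_03 and "5.0 Update 13" -> 1.5.0_13 follow Sun's
# version-string convention. The article gives no update number for the
# 1.3.1 fix, so that line maps to None and is reported as "unknown".
FIXED = {
    (1, 6): (1, 6, 0, 3),
    (1, 5): (1, 5, 0, 13),
    (1, 4): (1, 4, 2, 16),
    (1, 3): None,
}

VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_version(banner):
    """Return (major, minor, micro, update) from `java -version` output."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no Java version string found")
    update = int(m.group(4) or 0)  # no "_NN" suffix means update 0
    return tuple(int(x) for x in m.group(1, 2, 3)) + (update,)

def status(banner):
    """Classify a banner as 'patched', 'vulnerable', 'unknown' or 'not-listed'."""
    version = parse_version(banner)
    line = version[:2]
    if line not in FIXED:
        return "not-listed"   # release line not mentioned in the article
    fixed = FIXED[line]
    if fixed is None:
        return "unknown"      # fix level not stated on the page
    return "patched" if version >= fixed else "vulnerable"

if __name__ == "__main__":
    # Constructed sample banners; `java -version` writes its banner to stderr.
    samples = [
        'java version "1.6.0_02"',
        'java version "1.5.0_13"',
        'java version "1.4.1_07"',
        'java version "1.3.1_20"',
    ]
    for banner in samples:
        print(banner, "->", status(banner))
```
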