Sun Microsystems has patched serious security holes in
its Java Runtime Environment (JRE) that allow remote attackers to
execute arbitrary code on users' systems.
The JRE is code used to execute Java applets on local systems
and is one of the most widely used client software products. JRE is
also used on mobile devices, including smartphones.
The bugs affect the Windows, Unix and Linux operating systems
and also the Java Software Development Kit (SDK).
Sun has patched three vulnerabilities in the JRE, all of which have the
potential to allow a specially crafted Java applet, which could for
instance be embedded in a web page, to extend its privileges on a
system.
Such an applet could be used to read and write local files and
execute applications, using the affected user's privileges.
Internet security company Secunia has classed the JRE
vulnerabilities as "highly critical".
These latest vulnerabilities are similar to a JRE security hole
that was patched 12 months ago by Sun.