Windows, Linux, and Solaris operating system users are
at risk from a range of critical vulnerabilities in Sun's
widely-used Java Runtime Environment.
Java Runtime Environment (JRE) provides the minimum code needed
to run Java applications or applets, which are deployed by websites
and launched from within a browser.
Sun said the flaws are due to errors in "reflection" APIs
(application programming interfaces), and can be used by attackers
to take over systems using maliciously-crafted applets to read and
write files on a compromised system's hard drive.
Several editions of JRE are threatened by the bugs. These
include JRE 1.3.1_16 and earlier, JRE 1.4.2_09 and earlier, and JRE
5.0 Update 4 and earlier.
Sun recommends that users update to newer versions of JRE.
Alternatively, users can now download JRE 5.0 Update 6 to get
around the problem.
Internet security firm Secunia said the vulnerabilities were
potentially critical.