Sun Microsystems has patched serious security holes in its Java Runtime Environment (JRE), that allow remote attackers to execute arbitrary code on users' systems.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The JRE is code used to execute Java applets on local systems and is one of the most widely used client software products. JRE is also used on mobile devices, including smartphones.
The bugs affect the Windows, Unix and Linux operating systems and also the Java Software Development Kit (SDK).
Sun has patched three vulnerabilities in JRE, which all have the potential to allow a specially crafted Java applet, which could for instance be embedded in a web page, to extend its privileges on a system.
Such an applet could be used to read and write local files and execute applications, using the infected user's privileges.
Internet security company Secunia has classed the JRE vulnerabilities as "highly critical".
These latest vulnerabilities are similar to a JRE security hole that was patched 12 months ago by Sun.