News

Sun patches critical JRE security holes

Antony Savvas

Sun Microsystems has patched serious security holes in its Java Runtime Environment (JRE), that allow remote attackers to execute arbitrary code on users' systems.

The JRE is code used to execute Java applets on local systems and is one of the most widely used client software products. JRE is also used on mobile devices, including smartphones.

The bugs affect the Windows, Unix and Linux operating systems and also the Java Software Development Kit (SDK).

Sun has patched three vulnerabilities in JRE, which all have the potential to allow a specially crafted Java applet, which could for instance be embedded in a web page, to extend its privileges on a system.

Such an applet could be used to read and write local files and execute applications, using the infected user's privileges.

Internet security company Secunia has classed the JRE vulnerabilities as "highly critical".

These latest vulnerabilities are similar to a JRE security hole that was patched 12 months ago by Sun.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy