Exploit code circulates for Sun's Java

News

Exploit code circulates for Sun's Java

Antony Savvas

A number of reported vulnerabilities in Sun Microsystems’ Java Runtime Environment (JRE) can now be exploited in the wild as a result of code circulated on the internet.

The JRE software allows Javascript code to be run on operating systems, including Windows, Linux and Unix.

Sun has already issued patches to close the security holes, but users who have not updated their systems are now vulnerable to the exploit code now said to be circulating.

Internet security firm Secunia issued a report about the flaws at the end of last year.

It said that two errors existed in the JRE which can be exploited by malicious, untrusted applets to allow attackers to read and write local files or to execute local applications.

In addition, Secunia said that two errors related to serialisation existed in the JRE, which could be exploited by a malicious, untrusted applet to elevate privileges.

Users should update their JRE software to the latest version to avoid problems, said Secunia.

Sun promises open source Java

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy