A number of reported vulnerabilities in Sun Microsystems’ Java Runtime Environment (JRE) can now be exploited in the wild as a result of code circulated on the internet.
Sun has already issued patches to close the security holes, but users who have not updated their systems are now vulnerable to the exploit code now said to be circulating.
Internet security firm Secunia issued a report about the flaws at the end of last year.
It said that two errors existed in the JRE which can be exploited by malicious, untrusted applets to allow attackers to read and write local files or to execute local applications.
In addition, Secunia said that two errors related to serialisation existed in the JRE, which could be exploited by a malicious, untrusted applet to elevate privileges.
Users should update their JRE software to the latest version to avoid problems, said Secunia.
Comment on this article: firstname.lastname@example.org