News

Exploit code circulates for Sun's Java

Antony Savvas

A number of reported vulnerabilities in Sun Microsystems’ Java Runtime Environment (JRE) can now be exploited in the wild as a result of code circulated on the internet.

The JRE software allows Javascript code to be run on operating systems, including Windows, Linux and Unix.

Sun has already issued patches to close the security holes, but users who have not updated their systems are now vulnerable to the exploit code now said to be circulating.

Internet security firm Secunia issued a report about the flaws at the end of last year.

It said that two errors existed in the JRE which can be exploited by malicious, untrusted applets to allow attackers to read and write local files or to execute local applications.

In addition, Secunia said that two errors related to serialisation existed in the JRE, which could be exploited by a malicious, untrusted applet to elevate privileges.

Users should update their JRE software to the latest version to avoid problems, said Secunia.

Sun promises open source Java

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy