Sun Microsystems Inc. has released updates to correct nearly two dozen critical flaws in the Sun Java Runtime Environment that could be exploited remotely by an attacker to bypass security, gain access to critical files or conduct a denial-of-service attack.
Errors in the runtime environment could be exploited to write malicious Java Archive (JAR) files, and multiple image-processing errors could result in buffer overflows. Flaws can also be exploited by an attacker to establish a network connection to download more malware.
There are also multiple flaws in the Java Web Start application. Java Web Start allows users to start Java applications directly from a browser. To exploit the flaws, an attacker has to pass a malicious file through the application. A successful attack could give the attacker the ability "to read, write or execute local files with the privileges of the user running the application," according to an advisory issued by the Danish vulnerability clearinghouse Secunia. Secunia gave the flaws a highly critical rating.
Other errors in Java Web Start can give an attacker the ability to modify system properties and hijack HTTP sessions, Sun said in multiple advisories.
Sun issued updates to its runtime environment and Java SE Development Kits (JDK) to correct the flaws.