Dangerous Java flaws could expose sensitive data Staff

Sun Microsystems Inc. has released updates to correct nearly two dozen critical flaws in the Sun Java Runtime Environment that could be exploited remotely by an attacker to bypass security, gain access to critical files or conduct a denial-of-service attack.

    Requires Free Membership to View
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Errors in the runtime environment could be exploited to write malicious Java Archive (JAR) files and multiple image processing errors could result in buffer overflows. Flaws can also be exploited by an attacker to establish a network connection to download more malware.

There are also multiple flaws in the Java Web Start application. Java Web Start allows users to start Java applications directly from a browser. To exploit the flaws, an attacker has to pass a malicious file through the application. A successful attack could give the attacker the ability "to read, write or execute local files with the privileges of the user running the application," according to an advisory issued by the Danish vulnerability clearinghouse Secunia. Secunia gave the flaws a highly critical rating.

Other errors in Java Web Start can give an attacker the ability to modify system properties and hijack HTTP sessions, Sun said in multiple advisories.

Sun issued updates to its runtime environment and Java SE Development Kits (JDK) to correct the flaws.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: