News Stay informed about the latest enterprise technology news and product updates.

Dangerous Java flaws could expose sensitive data

Errors in Sun Java could be exploited by an attacker to bypass security, gain access to critical files or conduct a denial-of-service attack.

Sun Microsystems Inc. has released updates to correct nearly two dozen critical flaws in the Sun Java Runtime Environment...

that could be exploited remotely by an attacker to bypass security, gain access to critical files or conduct a denial-of-service attack.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Errors in the runtime environment could be exploited to write malicious Java Archive (JAR) files and multiple image processing errors could result in buffer overflows. Flaws can also be exploited by an attacker to establish a network connection to download more malware.

There are also multiple flaws in the Java Web Start application. Java Web Start allows users to start Java applications directly from a browser. To exploit the flaws, an attacker has to pass a malicious file through the application. A successful attack could give the attacker the ability "to read, write or execute local files with the privileges of the user running the application," according to an advisory issued by the Danish vulnerability clearinghouse Secunia. Secunia gave the flaws a highly critical rating.

Other errors in Java Web Start can give an attacker the ability to modify system properties and hijack HTTP sessions, Sun said in multiple advisories.

Sun issued updates to its runtime environment and Java SE Development Kits (JDK) to correct the flaws.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.