Language Selection

English French German Italian Portuguese Spanish

Java flaws open door to hackers

Filed under
Security

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

Source.

More in Tux Machines

systemd 225 Adds 'su' Replacement, Saving of Private-Zone DHCP Options

The systemd development team, through David Herrmann, had the pleasure of announcing the release and immediate availability for download of the systemd 225 open-source, next-generation init system for GNU/Linux distributions. Read more

Interviews with FLOSS developers: Elena Grandi

One of fresh additions to Debian family, and thus wider FLOSS family is Elena Grandi. She is from realms of Valhalla and is setting her footprint into the community. A hacker mindset, a Free software lover and a 3D printing maker. Elena has big dedication to make the world free and better place for all. She tries to push limits on personal level with much care and love, and FLOSS community will benefit from her work and way of life in future. So what has the Viking lady to say about FLOSS? Meet Elena "of Valhalla" Grandi. Read more

Jide Remix Mini Android PC to ship in October

Google Android is an operating system that was originally designed for smartphones, but these days it also supports tablets, TVs, smartwatches, and more. It’s not really designed to replace a desktop operating system like Windows or Ubuntu, but there have been a number of attempts to modify the open source Android operating system to make it feel more like a desktop OS. This year Chinese startup Jide launched Remix OS, which a version of Android with a taskbar, support for multi-window apps, and other desktop-style features. Read more

Leaked BlackBerry ‘Venice’ photos show Android-powered QWERTY slider in the flesh

If there has been one thing missing from the Android smartphone market over the past few years, it’s a great device with a physical keyboard. In fact, ever since the T-Mobile G2 (HTC Desire Z) hit the market in 2010, there’s been nothing worth paying attention to. That’s why — to me — the rumored BlackBerry Venice is the most exciting phone of the year so far. At least, the most exciting unreleased phone of the year. As each week goes by, the chances of it becoming a real product get stronger. For the first time, the Android-powered BlackBerry has been shown of in real, leaked hands-on photos. Read more