Language Selection

English French German Italian Portuguese Spanish

Java flaws open door to hackers

Filed under
Security

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

Source.

More in Tux Machines

Leftovers: Screenshots

Quad-core media player runs Kodi/XBMC on OpenElec Linux

SolidRun’s tiny, $100 “CuBoxTV” media player runs OpenElec Linux and Kodi (formerly XBMC) on a quad-core i.MX6 SoC, and offers 100Mbps+ video decoding. The CuBoxTV is the first Freescale i.MX6 based media player to run the Kodi (formerly XBMC) multimedia distribution, says Israel-based SolidRun. CuBoxTV is closely based on the company’s latest i.MX6 based CuBox mini-PC, which now sells for $80 to $140, depending on the number of Cortex-A9 i.MX6 cores and other features. The CuBoxTV, which is available only with the quad-core i.MX6 SoC, goes for a sale price of $100. Read more

Canonical Is Still Considering Turning the Phone into a Mini-PC

Canonical is working to complete their idea of convergence with the launch of Ubuntu Touch, a new operating system for mobile devices. The desktop flavor of Ubuntu will eventually share the same code with the mobile one, and their plans go even further than that. Read more

Bq Introduces More Android Devices, But Still No Ubuntu Phones

Bq held a media event today where many were hoping the first Ubuntu Phone would be officially unveiled, but that was not the case with Ubuntu receiving no mentions during the event. Bq is one of Canonical's first two Ubuntu Phone partners and they had plans to ship the first Ubuntu Phone by the end of 2014. The other phone partner, Meizu, has previously said the MX4 with Ubuntu Touch would come in December. Read more