Language Selection

English French German Italian Portuguese Spanish

Java flaws open door to hackers

Filed under
Security

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

Source.

More in Tux Machines

Native Netflix, Ts'o on Systemd, and Fedora 21 Alpha a Go

In today's Linux news OMG!Ubuntu! is reporting that Netflix is coming to Linux, this time natively. Jack Germain reviews Opera 12.16. Steven J. Vaughan-Nichols talks to Theodore Ts'o about systemd. A preview of new Kmail show radical redesign. And finally today, Fedora 21 Alpha was approved for release! Read more

Ubuntu gets closer to debut in Meizu MX4 phone

The Ubuntu project announced a stable build for Ubuntu Touch phones, a week after Meizu tipped an Ubuntu version of the Meizu MX4 phone due in December. The Ubuntu for Phones team at the Canonical’s Ubuntu Project announced the arrival of the first image from the Ubuntu-rtm (release to manufacturing) distribution for phones. The announcement followed last week’s tease from Meizu, saying a version of the Android-based Meizu MX4 was on schedule for shipping with Ubuntu in December. Read more

Android L Will Keep Your Secrets Safer

Hard on the heels of increased security measures in Apple's newly released iOS 8, Google this week confirmed that encryption will be turned on by default in the next release of Android. Android has offered encryption for more than three years, and keys are not stored off the device, so they can't be shared with law enforcement, Google said. In the next Android release, encryption will be enabled by default. Read more

WHAT THE GNOME RELEASE TEAM IS DOING

At the release team BoF at this years Guadec, I said I would write a blog post about the whats and hows and ifs of release team work. I’m a little late with this, but here it is: a glimpse into the life of a GNOME release team member. We are in the end phase of the development cycle, when the release team work is really kicking into high gear. Read more