Sun Squashes Critical Java Bugs
The company patches code-execution flaws in the Sun Java Runtime Environment and Java Web Start technologies.Network computing giant Sun Microsystems has rolled out patches for a pair of "highly critical" flaws in the Sun JRE (Java Runtime Environment) sandbox and the Java Web Start technology. The Santa Clara, Calif.-based company said the bugs can be exploited by a malicious hacker to execute arbitrary code on vulnerable systems. The more serious of the two vulnerabilities, which affects the Java Runtime Environment, may allow an untrusted applet to elevate its privileges.
"For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet," the company said in a published advisory.
Affected releases include Java Web Start in J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux.Sun recommends that users disable Java Web Start applications from being launched from a Web browser. Instructions for the browser workaround and information on patching are available on Suns Web site. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.