A pair of vulnerabilities in the Sun Java Plug-In technology could put users at risk of system bypass attacks, Sun Microsystems Inc. confirmed Thursday.
A second bug may allow an untrusted applet to inappropriately interfere with another applet in the same Web page, the company said, noting that the interference may cause the applet to incorrectly load non-code resources such as files and Web pages.
The Java Plug-in technology is included as part of the Java 2 Runtime Environment, Standard Edition (JRE). It is used to establish a connection between popular browsers and the Java platform, allowing applets on Web sites to be run within a browser on the desktop.
Independent security research firm Secunia rates the flaws as "extremely critical," and it is urging users to apply the vendor patches immediately.
Affected products include Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java SDK 1.3.x and Sun Java SDK 1.4.x.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.