BusinessGreen > News > Hacking

Sun patches 'critical' Java flaws

Problems with JDK, JRE and SDK

Matt Chapman, vnunet.com, 05 Oct 2007

Sun Microsystems has patched a number of flaws in its Java products that affect users running Windows, Linux and Solaris.

Secunia rated the flaws as 'highly critical' in a security advisory because they could allow a remote attacker to bypass security, gain system access, expose system and sensitive information and manipulate data.

Vulnerabilities were reported in the Java Developer Kit, Java Runtime Environment 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, Software Developer Kit and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier.

Problems included multiple unspecified errors that could allow hackers to use malicious applets or APIs to establish network connections on machines other than the originating host.

Other errors in Java Web Start could also be exploited to read or write local files or find the location of the Java Web Start cache.

An unspecified JRE error could also be used to move or copy arbitrary files on the system.

Sun credited Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, David Byrne and Peter Csepely with finding the vulnerabilities.

More details on the patches are available on the official Sun Security Blog.

Permalink Comments Forward Print

digg del.icio.us reddit!

related content

Seven Microsoft security bulletins on the way

Four 'critical' patches in monthly update 05 Oct 2007

Warning on web 'super worm'

XSS database could cause major problems 03 Oct 2007

Microsoft

Windows 2000 flaw highlights slow Patch Tuesday

Vista and XP spared from most dangerous vulnerabilities 12 Sep 2007

Enterprise Security Technology

'Greynets' waiting to snare enterprises

Consumer messaging apps leaving companies at risk 11 Sep 2007

Apple iTunes

Apple slips security fix into iTunes update

Software exposes users to remote code execution vulnerability 07 Sep 2007

Firefox gets security tune-up

Flaws patched for versions 2 and 3 18 Jul 2008

Security

Enterprise Security Technology

Major DNS flaw revealed

Experts sound alarms over early disclosure 23 Jul 2008

DNS exploit haunts researcher

Local ISP attack affects BreakingPoint 31 Jul 2008

Apple misses mark on DNS patch

Leopard remains vulnerable to cache poisoning, say researchers 05 Aug 2008

Linux

Debian flaw exposes communications breakdown

A wake up call for open source developers, Gartner warns 28 May 2008

G-Wiz i

G-Wiz debuts lithium-ion model

Longer range and fast charging capability designed to appeal to suburban commuters and corporate customers 06 Jan 2009

coal

Ontario targets end to coal power

Canadian province on track to phase out coal-fired power plants by 2014, replacing them with a mix of nuclear, gas and renewables 06 Jan 2009

Gordon Brown

Tories slam UK clean tech record, as Brown outlines plan for Green New Deal

Opposition claims UK is missing out on boom in demand for green products, as Gordon Brown insists his new green investment plans are more ambitious than Obama's, relative to the size of the economy 05 Jan 2009

latest in-depth

James Murray

BusinessGreen.com's seven predictions for 2009

Why 2009 will deliver both tough times and tide-turning optimism for green businesses 05 Jan 2009

Looking for Carbon in Renewable Energy

Renewable Energy Credits are designed to spur the development of renewable energy by selling the rights to its environmental benefits. Carbon credits often aim to do much the same thing. Can the two get along? 02 Jan 2009

Barack Obama

BusinessGreen.com Review of 2008: October to December

From financial meltdown to Obama's election victory, the end of the year combined fear and hope for the green business movement 31 Dec 2008

More in-depth

what do you think?

Post your comment

Send an email to the Business Green editor at feedback@businessgreen.com

Reader comments for this story

Post your comment What is this?

advertisement

advertisement

Champagne

How to... have a green office Christmas party

BusinessGreen.com offers some top tips on how to make sure the annual office festivities prove memorable for all the right reasons

Email

BusinessGreen.com launches weekly newsletter

All the week's top green business stories straight to your inbox

Take part in the green debate

Electric car charging

Electric cars - any good?

Share your experiences of buying and using environmentally friendly vehicles 02 Oct 2007

pound coins

Efficiency and finance

Talk about the bottom-line implications of adopting more sustainable business models 02 Oct 2007

More forums

BusinessGreen blog

BusinessGreen blog

Could emission cuts be easier than we think?

The worst thing about taking two steps forward and one step back is that the frustration at your stilted progress makes it so easy to forget that you are actually... 19 Dec 2008

More from this blog

Your views on the news

EDF flicks switch on France's largest solar farm

Comment: What percentage?

Sounds impressive until you read it more closely. 10% of "solar capacity"? Who cares about that? Enough power for 4,200 homes? Meaningless but superficially impressive statistic. Balance the hype by qualifying it with useful facts... like...

Investigation: Inside the ethanol subsidies controversy

Comment: Incomplete and biased report

John Sterlicchi needs to broaden his reading on this issue, and not only the press releases of the ethanol lobby and the big processed-food producers. First, the subsidies to the ethanol industry are not "only" $5...

Read all the latest reader comments

advertisement

advertisement

advertisement