BusinessGreen > News > Hacking

Sun patches 'critical' Java flaws

Problems with JDK, JRE and SDK

Matt Chapman, vnunet.com, 05 Oct 2007

Sun Microsystems has patched a number of flaws in its Java products that affect users running Windows, Linux and Solaris.

Secunia rated the flaws as 'highly critical' in a security advisory because they could allow a remote attacker to bypass security, gain system access, expose system and sensitive information and manipulate data.

Vulnerabilities were reported in the Java Developer Kit, Java Runtime Environment 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, Software Developer Kit and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier.

Problems included multiple unspecified errors that could allow hackers to use malicious applets or APIs to establish network connections on machines other than the originating host.

Other errors in Java Web Start could also be exploited to read or write local files or find the location of the Java Web Start cache.

An unspecified JRE error could also be used to move or copy arbitrary files on the system.

Sun credited Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, David Byrne and Peter Csepely with finding the vulnerabilities.

More details on the patches are available on the official Sun Security Blog.

Permalink Comments Forward Print

digg del.icio.us reddit!

related content

Seven Microsoft security bulletins on the way

Four 'critical' patches in monthly update 05 Oct 2007

Warning on web 'super worm'

XSS database could cause major problems 03 Oct 2007

Microsoft

Windows 2000 flaw highlights slow Patch Tuesday

Vista and XP spared from most dangerous vulnerabilities 12 Sep 2007

Enterprise Security Technology

'Greynets' waiting to snare enterprises

Consumer messaging apps leaving companies at risk 11 Sep 2007

Apple iTunes

Apple slips security fix into iTunes update

Software exposes users to remote code execution vulnerability 07 Sep 2007

SuSE patches 'highly critical' Java flaw

Remote system access possible unless update is applied 18 Oct 2007

Enterprise Security Technology

Kaspersky falls through Online Scanner flaw

Security firm unaware of 'highly critical' vulnerability 11 Oct 2007

Firefox gets security tune-up

Flaws patched for versions 2 and 3 18 Jul 2008

Security

Enterprise Security Technology

Major DNS flaw revealed

Experts sound alarms over early disclosure 23 Jul 2008

DNS exploit haunts researcher

Local ISP attack affects BreakingPoint 31 Jul 2008

Pollution

Mystery energy firm to invest in Norwegian carbon capture project

Company poised to join research project designed to optimise carbon capture processes 21 Aug 2008

offshore wind

Lib Dems outline plan for energy independence by 2050

Call for an investment programme on a scale of the Apollo projects as party pledges to increase pressure on government to toughen up Climate Bill 21 Aug 2008

PCs

Firms urged to think twice before re-purposing old PCs

Businesses using old PCs as thin clients are struggling to achieve expected carbon savings 21 Aug 2008

latest in-depth

Investing in water: The ultimate green saving

The impending global water crisis can only be averted if the private sector takes advantage of the water investment opportunities on offer 21 Aug 2008

Paul Thomas

Why do companies greenwash?

As the reputational risks associated with greenwash become more apparent every day, Paul Thomas asks why some firms still find themselves overstating their environmental credentials 20 Aug 2008

Stock figures

The beginners' guide to the UK's carbon trading schemes

Emissions trading is widely touted as one of the best mechanisms for tackling climate change, but how do these schemes work and how will your business be affected? Tom Young investigates three of the emissions trading schemes having an impact on UK firms 19 Aug 2008

More in-depth

what do you think?

Post your comment

Send an email to the Business Green editor at feedback@businessgreen.com

Reader comments for this story

Post your comment What is this?

advertisement

advertisement

The Carbon Trust

The Carbon Trust provides a raft of best practice guidance, tips and services for businesses and public sector organisations looking to cut their carbon footprint

The Department for Environment, Food and Rural Affairs (DEFRA) website provides information on all the government's environmental policies and regulations

Take part in the green debate

Electric car charging

Electric cars - any good?

Share your experiences of buying and using environmentally friendly vehicles 02 Oct 2007

pound coins

Efficiency and finance

Talk about the bottom-line implications of adopting more sustainable business models 02 Oct 2007

Green button labelled opportunity

Building a greener business

Discuss the steps firms are taking to control and reduce their environmental impact 02 Oct 2007

The Week in Green: Cut flowers and broken supply chains

Our supply chains are broken. That, in a nutshell, is the diagnosis from software giant Oracle's recent study on the state of the world's supply chains. Of course, as a... 14 Aug 2008

How to solve a problem like Kingsnorth

It was the US novelist F Scott Fitzgerald who once observed that the "test of a first-rate intelligence is the ability to hold two opposed ideas in the mind at... 12 Aug 2008

More from this blog

Your views on the news

Business review: Toyota Prius

Comment: Not True

"If the majority of your driving is done at constant speed on the motorway, you might as well buy an ordinary car and not lug around a hybrid?s heavy batteries." 1. This statement does not match...

Is green dead? Not on your life

Comment: Is green dead. I wish it was.

Green is in my mind synonymous with using dishonest lying inept science to promote wasteful inefficient stupidity in the name of achieving the opposite. The computer models used to justify AGW have never been subjected to...

Read all the latest reader comments

advertisement

advertisement

advertisement