Channel News and Analysis - Channel Insider

Empowering the next generation Channel

Home

Channel News and Analysis

Sun Fixes Critical Java Plug-In Flaws

in Channel News and Analysis

DATE: 2005-01-20 | By Ryan Naraine

Article Rating:

/ 0
Article Views: 876

More Channel News and Analysis Coverage

<<Previous Channel News and Analysis News Next Channel News and Analysis News >>

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

The more serious of the two vulnerabilities could lead to system bypass attacks, while the other could allow interference by an untrusted applet.

A pair of vulnerabilities in the Sun Java Plug-In technology could put users at risk of system bypass attacks, Sun Microsystems Inc. confirmed Thursday.

The Santa Clara, Calif.-based company said the more serious of the two vulnerabilities could allow an untrusted applet to elevate privileges through JavaScript calling into Java code. For example, an untrusted applet may grant itself permissions to read and write local files, or may execute local applications that are accessible to the user running the untrusted applet.

A second bug may allow an untrusted applet to inappropriately interfere with another applet in the same Web page, the company said, noting that the interference may cause the applet to incorrectly load non-code resources such as files and Web pages.

The Java Plug-in technology is included as part of the Java 2 Runtime Environment, Standard Edition (JRE). It is used to establish a connection between popular browsers and the Java platform, allowing applets on Web sites to be run within a browser on the desktop.

Independent security research firm Secunia rates the flaws as "extremely critical," and it is urging users to apply the vendor patches immediately.

Affected products include Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java SDK 1.3.x and Sun Java SDK 1.4.x.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

	Discuss Sun Fixes Critical Java Plug-In Flaws

	>>> Be the FIRST to comment on this article!



	>>> More Channel News and Analysis Articles >>> More By Ryan Naraine

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

[ci] feeds

Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

CHANNEL RESOURCE CENTER

How much time do you spend hunting for enterprise IT content?
Let Enterprise TechBrief do the work for you. Aggregated content, tech news, product reviews, vendor updates, how-to’s—all you need to boost your efficiencies and cut costs, all from one place.
enterprisetechbrief.com

Are You Compliant with SAS 70?
Join Larry Walsh of Ziff Davis Enterprise and his guests as they explore what it means for an MSP to be compliant with SAS 70 and how having expertise in such standards as Sarbanes-Oxley, HIPAA and PCI-DSS provides a competitive advantage.
Click here for more

Want to Know How You Cost-Effectively Build & Grow A Predictable MSP Business Today?

Yes it's tough out there. The "hey days" are gone.... But you can still increase your revenue and profits by shifting your business focus from a technology driven company to a sales and marketing driven company and we’ll show you how with 5 proven steps. Mar 23, 2010 at 2:00 p.m. ET
Register Today

Channel Insider:

Security:
Network Security
Enterprise Networking
Infrastructure Security
How To: Data
IT Security News
Security Watch Blog
Secure Channel Blog

Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
Computer Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
eWeek Magazine Subscriptions

Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Publish Online
Web Buyers Guide

Developer Websites:
Microsoft DevSource
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 3 hosted by Hostway.

Sun Fixes Critical Java Plug-In Flaws

More Channel News and Analysis Coverage

Related Content