dcsimg
 

Sun Fixes Critical Java Plug-In Flaws

By Ryan Naraine  |  Posted 2005-01-20 Email Print this article Print
 
 
 
 
 
 
 

WEBINAR:
On-Demand

Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce


The more serious of the two vulnerabilities could lead to system bypass attacks, while the other could allow interference by an untrusted applet.

A pair of vulnerabilities in the Sun Java Plug-In technology could put users at risk of system bypass attacks, Sun Microsystems Inc. confirmed Thursday.

The Santa Clara, Calif.-based company said the more serious of the two vulnerabilities could allow an untrusted applet to elevate privileges through JavaScript calling into Java code. For example, an untrusted applet may grant itself permissions to read and write local files, or may execute local applications that are accessible to the user running the untrusted applet.

A second bug may allow an untrusted applet to inappropriately interfere with another applet in the same Web page, the company said, noting that the interference may cause the applet to incorrectly load non-code resources such as files and Web pages.

The Java Plug-in technology is included as part of the Java 2 Runtime Environment, Standard Edition (JRE). It is used to establish a connection between popular browsers and the Java platform, allowing applets on Web sites to be run within a browser on the desktop.

Independent security research firm Secunia rates the flaws as "extremely critical," and it is urging users to apply the vendor patches immediately.

Affected products include Sun Java JRE 1.3.x, Sun Java JRE 1.4.x, Sun Java SDK 1.3.x and Sun Java SDK 1.4.x.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

 
 
 
 
 
 
 
 
 
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date