BusinessGreen.com > News > Hacking

Sun patches 'critical' Java flaws

Problems with JDK, JRE and SDK

Matt Chapman, vnunet.com, 05 Oct 2007

Sun Microsystems has patched a number of flaws in its Java products that affect users running Windows, Linux and Solaris.

Secunia rated the flaws as 'highly critical' in a security advisory because they could allow a remote attacker to bypass security, gain system access, expose system and sensitive information and manipulate data.

Vulnerabilities were reported in the Java Developer Kit, Java Runtime Environment 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, Software Developer Kit and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier.

Problems included multiple unspecified errors that could allow hackers to use malicious applets or APIs to establish network connections on machines other than the originating host.

Other errors in Java Web Start could also be exploited to read or write local files or find the location of the Java Web Start cache.

An unspecified JRE error could also be used to move or copy arbitrary files on the system.

Sun credited Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, David Byrne and Peter Csepely with finding the vulnerabilities.

More details on the patches are available on the official Sun Security Blog.

Permalink Comments Forward Print

digg del.icio.us reddit!

related content

Seven Microsoft security bulletins on the way

Four 'critical' patches in monthly update 05 Oct 2007

Warning on web 'super worm'

XSS database could cause major problems 03 Oct 2007

Microsoft

Windows 2000 flaw highlights slow Patch Tuesday

Vista and XP spared from most dangerous vulnerabilities 12 Sep 2007

Enterprise Security Technology

'Greynets' waiting to snare enterprises

Consumer messaging apps leaving companies at risk 11 Sep 2007

Apple iTunes

Apple slips security fix into iTunes update

Software exposes users to remote code execution vulnerability 07 Sep 2007

Firefox gets security tune-up

Flaws patched for versions 2 and 3 18 Jul 2008

BlackBerry handset

Enterprise Security Technology

RIM warns of BlackBerry PDF vulnerability

Hackers could execute code and gain control of a BlackBerry Enterprise Server 27 May 2009

Security

Enterprise Security Technology

Major DNS flaw revealed

Experts sound alarms over early disclosure 23 Jul 2008

DNS exploit haunts researcher

Local ISP attack affects BreakingPoint 31 Jul 2008

Microsoft bugs

Microsoft warns of new flaw in Internet Information Server

Web hosts encouraged to lock down server component 20 May 2009

Cabinet Office

Public sector bosses fear they will miss green IT goals

Survey of public sector IT managers reveals deep concern over ability to deliver on carbon-neutral targets 03 Jul 2009

Wave bouy

Updated: South West announces £10m boost for regional wave hub

Fresh funding will provide new wave energy research equipment and support research 03 Jul 2009

US powers up new Energy Star PC standards

EPA hints it could soon raise efficiency bar for routers, modems and storage systems 03 Jul 2009

latest in-depth

Masdar

BusinessGreen.com Most Read – 3 July

From record-breaking solar panels to the International Renewable Energy Agency's new home, we round up the top stories from the past week 03 Jul 2009

Treasury's climate court battle shines spotlight on growing legal risk

Well, I hope they got a no win, no fee deal. I don't like being cynical (it's more of a congenital thing)... 03 Jul 2009

Carlsberg brewery, Copenhagen

Green computing should learn from traditional industry

Recycling waste heat is nothing new, so why has the computer industry not kept up? 01 Jul 2009

More in-depth

what do you think?

Post your comment

Send an email to the Business Green editor at feedback@businessgreen.com

Reader comments for this story

Post your comment What is this?

advertisement

advertisement

BusinessGreen.com launches LinkedIn group, joins Twittersphere

Green professionals can now join our social networking group and follow BusinessGreen.com on Twitter

Wind turbine

Get your green jobs here

BusinessGreen.com launches new green jobs search engine, BusinessGreenjobs.com

Job of the week

Consulting Group Manager - Policy & Strategy 237
£ 50,000 per year
London, United Kingdom
The Climate Change practice comprises of circa 70 professionals with backgrounds in economics, sustainability, renewables,...

Senior Consultant 166
£ 45,000 per year
Oxford, United Kingdom
The Renewable Energy team in the Southern region are looking to expand their operations. And are now seeking a Senior...

Senior Consultant 166
£ 45,000 per year
Cambridge, United Kingdom
The Renewable Energy team in the Southern region are looking to expand their operations. And are now seeking a Senior...

Green jobs

Find your next green job here

Business Green Jobs

BusinessGreen blog

BusinessGreen blog

Treasury's climate court battle shines spotlight on growing legal risk

Well, I hope they got a no win, no fee deal. I don't like being cynical (it's more of a congenital thing) but I would not put any money on... 03 Jul 2009

More from this blog

Your views on the news

Carbon Trust opens up £100m green treasure chest

Comment: Confusion caused for newly-eligible businesses

They've expanded the criteria for loan eligibility, but since companies won't learn for months whether they're within the remit of the Carbon Reduction Commitment scheme they'll not know if they can apply for Carbon Trust loans....

Apple backs energy and waste saving standard phone charger

Comment: Finally!

"Finally" is right!

Read all the latest reader comments

advertisement

advertisement

advertisement

Primary Navigation

Home

News

In-depth

Reviews

Blog

Audio/Video

Resources

Jobs

Newsletter