IT Security

Host: Chad Perrin Contact

Highly critical Java bugs patched

Date: October 6th, 2007
Author: Paul Mah
Category: patching
Tags: Sun Microsystems Inc., JRE, Java, Programming Languages, Software Development, Software/Web Development, Paul Mah

1 comment(s)

Sun has patched 11 vulnerabilities across Windows-, Linux-, and Solaris-based versions of its JRE (Java Runtime Environment) and Java Web. This includes several flaws rated as “highly critical” by outside researchers.

Excerpt from PC World:

The fixes to Java Runtime Environment (JRE) 1.3.1, 1.4.2, 5.0, and 6.0 plug holes that attackers could use to bypass security restrictions, manipulate data, disclose sensitive information, or compromise an unpatched machine. Among the JRE bugs, Sun said in several security advisories, are two that allow attack code from malicious sites to make network connections on machines other than the victimized computer…

Other vulnerabilities in JRE and Java Web Start, a framework that lets Java-based applications launch directly from a browser, could be used by attackers to read local files, overwrite local files, and hide Java-generated warnings.

Danish bug-tracking vendor Secunia has tagged five out of the 11 patches as “highly critical.” You can read more from the Sun security blog or catch a skinny of the specific Java flaws at ZDNet Blogs.

Not all vulnerabilities affect all JRE versions. Due to the absence of an automatic update mechanism for both JRE and Web Start, it might make sense to just download and apply the updated versions here.

Print/View all Posts Comments on this blog

"No Java Support Available" earlforums@... | 05/22/08

White Papers, Webcasts, and Downloads

Live Webcast: Oracle Business Intelligence for Midsize Companies: More Than Just Pretty Dashboards Oracle Oracle's Business Intelligence solutions are widely recognized as market ... Download Now
Service Management Resource Center IBM Corp. This buyer's guide provides assistance in evaluating identity and access ... Download Now
Smarter Products: The Building Blocks for a Smarter Planet IBM Corp. Businesses are delivering a new generation of smarter products that are ... Download Now

Top Rated

How China exposed Google's hypocrisy+47 votes
Ransomware: Extortion via the Internet+39 votes
GoogleSharing: A way to prevent tracking by Google+31 votes
How antivirus software works: Is it worth it?+30 votes
Panopticlick: Your Web browsing is less anonymous than you think+23 votes
The enduring cipher: Unbreakable for nearly 100 years+15 votes
Are TSA policies a bad joke?+15 votes
American Express password policy takes the cake+12 votes

TechRepublic Blogs

IT Help Desk Survival Guide, Third Edition: TechRepublic's IT Help Desk Survival Guide, Third Edition provides tools and recommendations to help you better manage help desk services, improve end-user support, troubleshoot frustrating hardware issues, identify quick fixes to vexing Windows problems, and help users make the most of Microsoft Office 2003.; Buy Now

500 Things Every Technology Professional Needs to Know: Did you know Microsoft's RegClean does not work with XP but you can use shareware to clean your registry? Did you know most wireless access points don't have encryption enabled by default? Did you know there are 500 tidbits of information contained in TechRepublic's 500 Things Every Technology Professional Needs to Know that will help you become a successful IT professional.; Buy Now

IT Security

Highly critical Java bugs patched

Print/View all Posts Comments on this blog

What do you think?

White Papers, Webcasts, and Downloads

Recent Entries

Top Rated

Archives

TechRepublic Blogs

SmartPlanet