Language Selection

English French German Italian Portuguese Spanish

Java flaws open door to hackers

Filed under
Security

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

Source.

More in Tux Machines

Ubuntu, Debian, Fedora and elementary OS All Patched Against WPA2 KRACK Bug

As you are aware, there's a major WPA2 (Wi-Fi Protected Access II) security vulnerability in the wild, affecting virtually any device or operating system that uses the security protocol, including all GNU/Linux distributions. Read more

Pixel 2 and 2 XL review—The best Android phone you can buy

Welcome to year two of Google Hardware. In 2016, Google jumped into the Android hardware space with its first self-branded device, the Google Pixel. Google's software prowess shined on the Pixel 1, offering up exclusive features like the Google Assistant, the best Android camera thanks to advanced software processing, fast day-one OS updates and betas, and the smoothest, best-performing overall build of Android. The killer software package made it the best Android phone of the previous generation. The Pixel still represented Google's first foray into smartphone hardware, though, and it didn't offer anything special in the hardware department. It was a bland-looking iPhone clone. It had the same specs and basic design as everything else. The Pixel even skipped water resistance, which had become an expected feature at that price point. Google said it wanted to make its own hardware, but it didn't actually build special hardware. Read more

6 Best Open Source Alternatives to Microsoft Office for Linux

Looking for Microsoft Office in Linux? Here are the best free and open source alternatives to Microsoft Office for Linux. Read more

Today in Techrights