Language Selection

English French German Italian Portuguese Spanish

Java flaws open door to hackers

Filed under
Security

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

Source.

More in Tux Machines

More AMD Radeon R9 Fury Linux Benchmarks

Continuing on from yesterday's first Linux review of the AMD Radeon R9 Fury, here are some more Catalyst Linux benchmarks from this $550 graphics card. Since yesterday's review of the R9 Fury on Ubuntu Linux I have run some more tests covering a few other test profiles as well as delivering some more 1920 x 1080 and 2560 x 1440 (rather than 4K) benchmarks for those wishing to run their own side-by-side comparisons against this air-cooled Fiji graphics card with 4GB of High Bandwidth Memory. Read more

Lubuntu 15.10 Alpha 2 Is Ready for Download, Still Using the LXDE Desktop Environment

The development team behind Lubuntu, an open-source and freely distributed flavor of the popular Ubuntu Linux operating system, announced a few minutes ago the release of the second Alpha build for the upcoming Lubuntu 15.10 (Wily Werewolf) distribution. Read more

Ubuntu Kylin 15.10 Alpha 2 Is Out for Testing with Linux Kernel 4.1, More

The development team behind the Ubuntu Kylin computer operating system have announced earlier today the immediate availability for download and testing of the second Alpha build of the upcoming Ubuntu Kylin 15.10 (Wily Werewolf) distro. Read more

Linux-powered smart sniper rifle can be hacked

Two years ago, TrackingPoint burst on to the scene with a Linux-powered smart sniper rifle that took the guesswork out of killshots. Now, however, a pair of hackers have figured out how to make it miss every single time. Read more