
Java flaws open door to hackers


The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet.

The flaws could be exploited through a malicious Web site, according to alerts from the French Security Incident Response Team, which rates both issues "critical."

JRE is part of Sun's Java 2 Platform Standard Edition, or J2SE. Both flaws affect J2SE 5.0 and 5.0 Update 1 for Windows, Solaris and Linux. The general JRE flaw also affects J2SE 1.4.2_07 and earlier 1.4.2 releases for those operating systems, Sun said.

The Santa Clara, Calif.-based company is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Web site.

Sun said it wasn't aware of any exploits or attacks using the flaws.

