JUNE 15, 2005
(IDG NEWS SERVICE)
-
Sun Microsystems Inc. issued alerts this week about vulnerabilities in its Java platform that security researchers have described as critical and that could allow attackers to execute malicious code on targeted computers.
The affected software is Sun's Java Web Start and Java Runtime Environment. Weaknesses in the programs could allow applications to grant themselves permissions to write local files or execute other applications, allowing an attacker to gain backdoor access to victims' computers. Such an attack could be carried out without any visible symptoms, Sun said.
The vendor recommends that users replace earlier versions of Java 2 Platform Standard Edition with a more recent version. J2SE 5.0 Update 2, released in March, repairs the flaw; Sun's most recent J2SE 5.0 release is Update 3. J2SE updates are available for download on Sun's Web site.
Danish security firm Secunia rates the vulnerabilities "highly critical," its second-highest classification, while the French Security Incident Response Team gave it a "critical" rating, that organization's highest advisory rank. Those rankings are reserved for remotely exploitable vulnerabilities that can be executed without a user's knowledge.
Reprinted with permission from
For more news from IDG visit IDG.net
Story copyright 2005 International Data Group. All rights reserved.
