Seven vulnerabilities have been reported in Sun Java JRE (Java Runtime
Environment), which potentially can be exploited by malicious people to
compromise a user's system.
The vulnerabilities are caused due to various unspecified errors in the
"reflection" APIs. This may be exploited by a malicious, untrusted
applet to read and write local files or execute local applications.
The following releases are affected by one or more of the seven vulnerabilities on Windows, Solaris, and Linux platforms:
* JDK and JRE 5.0 Update 5 and prior
* SDK and JRE 1.4.2_09 and prior
* SDK and JRE 1.3.1_16 and prior
Solution:
Update to the fixed versions.
JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 6 or later.
http://java.sun.com/j2se/1.5.0/download.jsp
SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_10 or later.
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_17 or later.
http://java.sun.com/j2se/1.3/download.html
Secunia - Advisories - Sun Java JRE "reflection" APIs Sandbox Security Bypass Vulnerabilities
« Blog posting slowing as life catches up | Main | SpyFalcon Removal »
February 08, 2006
The comments to this entry are closed.
Search This Blog
Subscribe
June 2006
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 |
Blog Worm
- Infected by Blog.Worm
Please note this not a real virus but only an embeded GIF file meant for humor.
Other Blogs of Note
- eWEEK.com Security Blog
- F-Secure : News from the Lab
- Mark's Sysinternals Blog
- Nick's Computer Security
- ReveNews
- Security Fix
- Spyware Confidential
- Spyware Daily
- Spyware Hunt
- Spyware Informer
- Spyware Sucks
- SpywareInfo
- Sunbelt BLOG
- Technology & Marketing Law Blog
- Tenebril Spyware Blog
- Threat Chaos
- Vitalsecurity.org
Comments