Three critical flaws found in Java
Sun's Java Runtime Environment (JRE) contains critical security flaws that could allow remote attackers to execute applications on a system. The bugs, patched in a new release yesterday, affect Windows, Unix and Linux platforms. The Java Software Development Kit (SDK) is also affected.
Sun warns for three separate vulnerabilities, each of which could allow the applet to read and write local files and execute applications accessible to the user running the applet, with the user's privileges.
Ordinarily, Java applets are restricted from reading and writing files and executing applications by the Java "sandbox".
The JRE is the code used to execute Java applets on a local system, and is one of the most widely distributed client-side software products. Versions of the JRE are also found in unconventional systems such as mobile phones.
Comments
Be the first to write a comment
You must me logged in to write a comment.