Clouds of Java Trouble for Sun
Sun Microsystems has disclosed a serious vulnerability in the Java Plug-in technology within the Software Developers' Kit (SDK) and the Java Run-time Environment (JRE) that allows attackers to bypass the Java sandbox and Java applet security.
A flaw in Sun Microsystems' plug-in for running Java on a variety of browsers
and operating systems could allow a virus to spread through Microsoft Windows
and Linux PCs.
Security information provider Secunia posted information about the flaw in an advisory that rated it a "highly critical" threat.
The episode is a big embarrassment for Sun, as Java was designed to be secure. The technology
involved is used by Web developers to create small programs, or applets, that can run on any operating system. Java is designed to run programs downloaded from the Internet on various operating systems safely, without causing any harm on the P, using the "sandbox" that cuts off Java applets from the rest of the system.
Sun's CEO, Scott McNealy, only recently asked the following question to emphasize the secure nature of Java: "When was the last time you heard of a Java virus?" Sorry
Scott but you have a major boo boo on your hands.
Sun says there is no workaround, and recommends that users of SDK and its JRE subset move to versions 1.4.2_06 and later or 1.3.1_13 and later. And in a statement disclosing the vulnerability stated: "Sun is aware that a possible security vulnerability in the Java Virtual Machine was found by Secunia, and has been collaborating with them on quickly addressing the issue," the statement said. "Although there have been no reported cases of this potential vulnerability being exploited by hackers, Sun takes this issue seriously, as it does all security issues".
A flaw-free version of the JVM software is available on Sun's Web site.
More on IT Security & Java Resources:
Security Resources & IT Security Articles
and Internet Fraud
Security certifications & Career
The World of
Get IT Updates, Tips, Career guides
in your FREE Newsletter.
Your Guide to taking the Right IT Career Decisions
Get IT Career tips,
Certification guides in your FREE newsletter. Plus regular news in Nigeria's IT
& Telecoms sector.
ICT NEWS DECEMBER
* IBM SELLS ITS PC
* SUCCESS AT
PREMIER VSAT TRAINING EVENT
* ORACLE BUYS
PEOPLESOFT FOR $10.3 BILLION
PROFESSIONALS WANTED FOR NETWORK+ BETA
APPROVES NIGERIA'S TECHNOLOGY VALLEY
MANAGEMENT -Fortune Magazine calls it, "Career Number 1."
* CLOUDS OF
JAVA TROUBLE FOR SUN
* VODACOM ATTEMPTS A
* LINUX IS
LEADING SERVER OS. IBM IS LEADING SERVER VENDOR
* NCC KNOCKS
RELEASES FREE SQL MANAGEMENT TOOL
MANAGEMENT, WIRELESS, CYBERCAFE & TELECOM TRAINING