Update Java immediately!

Secunia reported earlier today that they’ve discovered multiple vulnerabilities in the Sun Java JRE (Java Runtime Environment):

  1. Multiple unspecified errors in the Java Runtime Environment can be exploited by e.g. a malicious applet or by using Java APIs to establish network connections to certain services on machines other than the originating host.
  2. Multiple unspecified errors in Java Web Start can be exploited by a malicious applet to read/write local files or determine the location of the Java Web Start cache.
  3. An unspecified error in the Java Runtime Environment can be exploited to move or copy arbitrary files on the system by e.g. tricking a user into dragging and dropping a file from an applet to a desktop application that has the proper permissions.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable: secunia.com/software_inspector/

Solution:
Update to the fixed versions.

JDK and JRE 6 Update 3:
java.sun.com/javase/downloads/index.jsp

JDK and JRE 5.0 Update 13:
java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.2_16:
java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.1 for Solaris 8:
java.sun.com/j2se/1.3/download.html

NOTE: Some vulnerabilities only affect certain versions or browsers. Please see the vendor’s advisories for details [ 1, 2, 3, 4 ]

Comments are closed.