Secunia reported earlier today that they’ve discovered multiple vulnerabilities in the Sun Java JRE (Java Runtime Environment):
- Multiple unspecified errors in the Java Runtime Environment can be exploited, e.g. by a malicious applet or by using Java APIs, to establish network connections to certain services on machines other than the originating host.
- Multiple unspecified errors in Java Web Start can be exploited by a malicious applet to read/write local files or determine the location of the Java Web Start cache.
- An unspecified error in the Java Runtime Environment can be exploited to move or copy arbitrary files on the system, e.g. by tricking a user into dragging and dropping a file from an applet to a desktop application that has the proper permissions.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable: secunia.com/software_inspector/
Update to the fixed versions:
- JDK and JRE 6 Update 3
- JDK and JRE 5.0 Update 13
- SDK and JRE 1.4.2_16
- SDK and JRE 1.3.1 for Solaris 8
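One way to check an installed JRE against the fixed update levels listed above, as an added example (not code from Secunia or Sun). It assumes the usual `java -version` banner format (`java version "1.6.0_02"`); the function names and sample banners are constructed for illustration, and the 1.3.1 family is reported as unknown because the list gives no update number for it.

```python
import re

# Fixed update levels from the list above, keyed by release family.
# 1.3.1 is listed without an update number, so no threshold is assumed for it.
FIXED_UPDATE = {"1.6.0": 3, "1.5.0": 13, "1.4.2": 16}

# Quoted version in `java -version` output, e.g. "1.6.0_02" or "1.5.0_12-b04".
VERSION_RE = re.compile(r'version "(\d+\.\d+\.\d+)(?:_(\d+))?[^"]*"')


def parse_java_version(banner):
    """Return (family, update) parsed from `java -version` output, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    # A release with no "_NN" suffix is the initial release: update 0.
    return m.group(1), int(m.group(2) or 0)


def assess(banner):
    """Classify a banner as 'fixed', 'needs update', or 'unknown'."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    family, update = parsed
    if family not in FIXED_UPDATE:
        # Family not covered by a numeric threshold on this page (e.g. 1.3.1).
        return "unknown"
    return "fixed" if update >= FIXED_UPDATE[family] else "needs update"


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    samples = [
        'java version "1.6.0_02"',
        'java version "1.6.0_03-b05"',
        'java version "1.5.0_12"',
        'java version "1.4.2_16"',
        'java version "1.3.1_20"',
    ]
    for s in samples:
        print(f"{s:32} -> {assess(s)}")
```

On a real host, feed it the output of `java -version`, which the JVM writes to stderr.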