Google's Security team has discovered vulnerabilities in the Sun Java Runtime Environment that threatens the security of all platforms, browsers and even mobile devices. "This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking.
Australia's Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. "It's a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia.
According to Gatford, the bugs threaten pretty much every modern device. "Java runs on everything: cell phones, PDAs, and PCs. This is the problem when you have a vulnerability in something so modular--it affects so many different devices. Sun Microsystems said the flaw has since been patched.
"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," said Gatford. Pure Hacking's Gatford said the problem is compounded by the slim chance of an enterprise patching Java Runtime vulnerabilities. "It would be an extremely difficult and laborious process for an organization trying to patch Java Runtime across the enterprise," he said.