Java flaws Open Door to Hackers

Advertisement (Why?)

Sun Microsystems has fixed a pair of security bugs in Java that could be exploited by attackers to take over computers running Windows, Linux and Solaris.

The flaws are "highly critical," security monitoring company Secunia said in an advisory posted Tuesday. Flaws that get that ranking--one notch below Secunia's most severe "extremely critical" rating--are typically remotely exploitable and can lead to full system compromise.

Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim's computer, Sun said in two separate security advisories released Monday.

Solution:

Update to J2SE 5.0 Update 2 or 1.4.2_08 for Windows, Solaris, and Linux. (According to Secunia)

View: More Information

Download: Java 2 Platform Standard Edition 5.0

Download: Java 2 Platform, Standard Edition, v 1.4.2 (J2SE)

News source: C|Net News.com

What's New: (continued)

DivX Player:

Features the latest DivX decoder for enhanced quality and performance
Integrates support for DivX media file playback
Incorporates enhanced HD playback capability

The DivX Player™ is included in both the DivX Create Bundle and DivX Play Bundle.

DivX Codec

Offers up to 40% better quality and compression than the DivX 5 codec.
Features enhanced playback performance and quality
Adds DivX media file playback support to all popular media players

The DivX® codec is included in all DivX bundles. The DivX Pro™ codec is included in the DivX Create Bundle.

(2 replies) #1 Avi on 15 Jun 2005 - 14:56

Well, the solution is dumb, cuz J2SE Runtime Environment 5.0 Update 3 is out already... so don't tell people to use Update 2...

#1.1 Magallanes on 15 Jun 2005 - 16:06

people install java runtime once and mainly because some stupid webpage ask for this stupid runtime for run.

IMHO i dislike the webpages with javas.

#1.2 MtDewCodeRedFreak on 15 Jun 2005 - 22:19

Thanks for the news, Avi! I now have the Update 3.

(1 reply) #2 roadwarrior on 15 Jun 2005 - 15:07

The article doesn't mention OS X. Is the Java environment in it affected or not?

#2.1 sphbecker on 16 Jun 2005 - 21:57

Probably, but Apple distributes Java updates along with other patches, so if you use Apple's software update tool you should be fine.

(2 replies) #3 one321 on 15 Jun 2005 - 15:08

What is the difference between Standard Edition 5.0 and Standard Edition v1.4.2 J2SE?

#3.1 Avi on 15 Jun 2005 - 15:11

Well, don't let the version number confuse you... 5.0 is 1.5.0...

It is simply new, with less bugs... From my experience, Java 5.0 is MUCH MUCH faster than 1.4.0... Also, they have a much nicer theme for Swing now... (and you can also have "fake" native look-and-feel)

I suggest you read the stuff in http://java.sun.com

#3.2 one321 on 15 Jun 2005 - 15:36

Okay, thanks. I was worried 5.0 (1.5.0) might be bloated or something like that. I'm not a huge Java user, but a couple apps I use need it.

(1 reply) #4 lbmouse on 15 Jun 2005 - 15:24

QUOTE

Java flaws Open Door to Hackers

WTF? More FUD from Secunia.

one notch below Secunia's most severe "extremely critical"

Microsoft has had this honor from Secunia numerous times. This company is in the same business as Chicken Little. Too bad they don't have more creditability.

#4.1 sphbecker on 16 Jun 2005 - 21:58

What are you trying to say exactly?

(2 replies) #5 Nighthawk-F117 on 15 Jun 2005 - 15:46

Update to an older version?

#5.1 tony1979 on 15 Jun 2005 - 18:40

why not? same old java crap anyways lol.

#5.2 GAM on 15 Jun 2005 - 20:55

why not?

Because there is a newer version out there that addresses additional issues, that's why.

same old java crap anyways lol.

First of all, there is nothing old about Java --it is one of the most modern platforms/environments available. Second, Java is actually pretty good at what it does, so save your lame comments unless you can be more specific.

#6 Nitrate on 15 Jun 2005 - 15:46

Oh I hate java. It gives me no end of trouble and now it won't update. I would like to give up but then then someone could take complete control of my computer...

(1 reply) #7 DjmUK on 15 Jun 2005 - 16:09

Is this java platform required for certain web pages. Or is this java programs as opposed to javascript?

#7.1 GAM on 15 Jun 2005 - 18:26

JavaScript has nothing to do with Java, except that it has Java in the name and the syntax may resemble Java. JavaScript is a scripting language that was originally known as LiveScript and as far as I know it was developed at Netscape.

(1 reply) #8 Packet1009 on 15 Jun 2005 - 17:07

it's for java applications, not javascript.

#8.1 GAM on 15 Jun 2005 - 18:28

The Java platform is not only for applications, it can be used for Java applets too.

(1 reply) #9 TheSarge on 15 Jun 2005 - 17:39

So, in Summary: Secunia found a bug in Sun JAVA that was fixed FIVE VERSIONS AGO!
Holy ****, call the president! Roll out the SWAT teams! Activate the emgency response plan!

Talk about a non-issue.

#9.1 tony1979 on 15 Jun 2005 - 18:41

homeland security should update there threat level to red on this one lol.

#10 _dandy_ on 16 Jun 2005 - 20:48

"Write once, run everywhere" at its best...

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Neowin.net