New Java exploits brewing

Attackers have released exploit code targeting two previously patched flaws in Sun Microsystems' Java Runtime Environment (JRE) and Java Software Development Kit (SDK). The flaws could allow an attacker to remotely execute code on a Windows, Linux or Solaris system. Sun issued patches for both vulnerabilities in December. The JRE component allows JavaScript code to be executed on most operating systems, including Windows, Mac OS, Linux and Unix.

The vulnerabilities affect JRE 1.3.x, 1.4.x and 1.5.x, as well as versions 1.3.x and 1.4.x of the SDK and versions 1.5.x of the Java Development Kit. Danish security vendor Secunia rates one of the vulnerabilities as 'highly critical', the company's second-highest level, owing to the possibility for remote code execution.

View: The full story
News source: vnunet

Report a problem with article
Previous Story

Maxthon 2.0.1 Build 5462 Beta 3

Next Story

Critical Apple flaw discovered in Mac OS X

3 Comments

Commenting is disabled on this article.

The JRE component allows JavaScript code to be executed on most operating systems...

Ummm...Java and JavaScript are two very different things. The JRE has no part in executing JavaScript code.

Java is a compiled (to byte-code, not machine code), cross-platform, object oriented programming language designed and maintained by Sun Microsystems. JavaScript is an interpreted scripting language originally designed by Netscape used primarily for web page scripting.