Java Web Start security flaw patched
Sun Microsystems issued a security update on Thursday to patch vulnerabilities in its Java Web Start.
How about a security patch to take that bitter edge off your Java brew?
Sun Microsystems issued a security update on Thursday that is designed to patch vulnerabilities in its Java Web Start application, which allows software for the Java platform to be launched using a Web browser.
The security flaws, described as "highly critical," were found in Java Web Start versions JDK and JRE 5.0 Update 11 and earlier, as well as Java Web Start in SDK and, on Windows, version JRE 1.4.2_13 and earlier, according to a security advisory by Secunia.
Sun issued two security updates, one for Java Web Start in JDK and JRE 5.0 Update 12 or later, and the other for Java Web Start in SDK and JRE 1.4.2_14 or later.
Sun noted that the Java Web Start flaws could allow an untrusted application to gain permissions to overwrite any file written by the user running the application. This could include, for example, the user's .java.policy file, allowing the application to invoke applets or Java Web Start applications. These would then be used to execute arbitrary code with the permissions of the user running the untrusted application, according to Sun's security advisory.