Sun issues patches for critical Java flaws

Fixes are for versions of Java Runtime Environment that include a flawed programming interface.

Sun Microsystems issued a patch Tuesday to address seven "highly critical" flaws in its Java Runtime Environment that could allow a malicious attacker to gain remote control over a user's system.

The flaws affect systems running on Windows, Solaris and Linux that are using certain versions of Sun's Java Development Kit 1.5, Software Development Kit (SDK) 1.3 and 1.4, and JRE 1.3, 1.4, 1.5 and 5.0, or earlier, according to an advisory issued by Secunia, which rated the flaws as "highly critical."

Sun's JRE software, especially version 1.4, is found on a number of computers and allows users to run Java applications, which operate in a "sandbox"--a separate area cordoned off from the rest of the user's system.

These latest flaws are found in one of the JRE's application programming interfaces, or API, which communicate between the sandbox and the rest of the system. The flaws could be exploited by attackers to gain remote access to a user's Java applications, allowing them to read and write files or execute code.

"An applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet," according to Sun's advisory.

Sun's security patch is its latest involving JRE. Last November, Sun issued a fix for five vulnerabilities in its JRE , of which three also dealt with the API.

About the author

    Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

     

    Discuss Sun issues patches for critical Java flaws

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Articles from CNET
    Insane flying semi-trailer sets jump record, nearly takes out building