As reported, Sun originally provided a patch in the days following the discovery of the bug, which could have allowed programs stamped with a digital signature to bypass Java's normal security restrictions. But now it has begun providing a new version of the JDK, version 1.1.2, that incorporates the patch, instead of just the Band-Aid for the older JDK.
The bug was discovered by a team of Princeton University computer scientists. A sophisticated hacker could exploit the glitch to pretend to be a trusted publisher to whom the user has already granted access privileges, such as reading or modifying private files on that user's hard disk.
Sun has tried to make Java more powerful by allowing programs that are digitally signed by a publisher to venture outside the "sandbox," a security area that prevents code from freely roaming a user's hard disk.
More details about the Java security glitch can be found on the JavaSoft Web site.