CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Java software flaw prompts a response

Microsoft offers a patch for a flaw in its Java Virtual Machine could let hackers capture sensitive data such as a person's passwords. Sun and Netscape also issue alerts.

A flaw in Microsoft's Java Virtual Machine could allow hackers to hijack a browser and redirect traffic, capturing sensitive data such as the person's passwords, Microsoft has revealed.

The company disclosed the flaw Monday on its Web site and posted a patch intended to rectify the problem.

A Java Virtual Machine converts programs written in the Java language into machine code that computers can read. That lets programs run on many different computer systems--such as those using Apple Computer's Mac OS or Microsoft's Windows--without having to be rewritten for each operating system.

Sun Microsystems and AOL Time Warner's Netscape division issued similar alerts regarding the exploit. Netscape's Communicator browser comes with Sun's Java Virtual Machine. Netscape said it encouraged people to upgrade to the latest version of its software, which includes a plug-in from Sun that is not subject to the problem.

To exploit the flaw, a hacker would lure a person to a site where a malicious Java applet is running. In order for the exploit to work, the victim would have to have Internet Explorer configured to access Internet resources via a proxy server. The flaw would let a hacker view the information as it passes through the proxy server.

People whose browsers are not configured to use a proxy server, which includes most home users, are not at risk, Microsoft said.

Since the beginning of the year, the Redmond, Wash.-based company has placed a greater emphasis on the security of its software products, though analysts say that tangible results have yet to emerge in a significant way.