Sun patches critical JRE security flaws

By Dawn Kawamoto
Staff Writer, CNET News

Post a comment

Related Stories: Sun issues patches for critical Java flaws
February 8, 2006; Sun plugs serious holes in Java
November 29, 2005; Java flaws open door to hackers
June 14, 2005

Sun Microsystems has issued a critical security patch to address vulnerabilities in Sun's Java Runtime Environment when it processes graphics interchange format, or GIF, images.

The security flaws could allow an attacker to gain control of a user's system via an untrusted Java applet, which in turn could allow attackers to grant themselves permission to read and write local files or execute applications on the user's computer, according to an advisory issued by Secunia on Wednesday.

Exploitation of these vulnerabilities, however, requires a user to visit a malicious Web site, as noted by Zero Day Initiative, which reported the vulnerability with the aid of an anonymous researcher.

The security flaws affect Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 update 9 and earlier, Software Development Kit (SDK) and JRE 1.4.2_12 and earlier; as well as SDK and JRE 1.3.1_18 and earlier for the Windows, Linux and Solaris platforms, according to an advisory issued by Sun on Tuesday.

Sun issued several patches to address the problem, which is somewhat similar to previous security flaws found in JRE.

See more CNET content tagged:
JRE, security flaw, Sun Microsystems Inc., JDK, patch management

Latest tech news headlines

Underground data center to help heat Helsinki
Posted in Green Tech by Reuters

November 29, 2009 9:02 PM PST
A slightly unfortunate Twitter billboard
Posted in Technically Incorrect by Chris Matyszczyk

November 29, 2009 5:54 PM PST
Barnes & Noble Nook to hit stores later than expected
Posted in Crave by Leslie Katz

November 29, 2009 5:10 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Sun Microsystems (-0.47%) -0.04 8.52; Dow Jones Industrials (-1.48%) -154.48 10,309.92; S&P 500 (-1.72%) -19.14 1,091.49; NASDAQ (-1.73%) -37.61 2,138.44; CNET TECH (-1.01%) -15.99 1,570.23

Inside CNET News

Scroll Left Scroll Right

The Space Shot
Shuttle Atlantis glides home after station visit
The shuttle Atlantis returns to Earth after an 11-day three-spacewalk mission to deliver 15 tons of equipment and spare parts to the International Space Station.
Gallery
Top-rated reviews of the week (photos)
Crave
Barnes & Noble Nook to hit stores later than expected
B&N says the company will have the e-readers in some stores on December 7, a week later than expected, because the company is prioritizing delivery to customers who preordered.
Beyond Binary
Windows 8 in 2012?
It's not clear what Microsoft's desktop plans are, but the Windows Server team included slides at PDC suggesting a new major release coming around 2012.
Video
Google Chrome OS demonstration
Technically Incorrect
Droid does, iPhone doesn't: The porn app store
Company called MiKandi launches what it claims is the world's first adult-only mobile app store. But while the apps work with Android phones, they won't with iPhones.
Video
Google Chrome OS unveiling
Geek Gestalt
A wild ride on NASA's massive flight simulator
The Vertical Motion Simulator trains all comers in capsule landings, helicopter flights, and even bobsled runs. Now it's helping in the design of next-gen lunar landers.
Cutting Edge
CERN particle accelerator sees first collisions
Four days after its restart, the scientific work at the Large Hadron Collider in Switzerland has headed "into new territory. It's been going quite remarkably fast."
Gallery
Motion simulator readies NASA for moon landing (photos)
Technically Incorrect
A slightly unfortunate Twitter billboard
A Twitter billboard for a TV station in Mobile, Ala., manages to marry an image of its three news anchors with the tweet: "3 accused of gang rape in Monroeville."
Green Tech
Underground data center to help heat Helsinki
Excess heat from hundreds of computer servers to be located in the bedrock beneath one of the city's popular tourist sites will be captured and channeled into a system of water-heated pipes used to warm homes.