• On TV.com: TOP 10 Shows CANCELED Too Soon
advertisementGet Smart about Business Spending
February 4, 2008 1:52 PM PST

Why you should patch your Java Runtime Environment

by Robert Vamosi

According to Secunia, Sun Microsystems has patched a vulnerability that could allow malicious attackers to bypass certain security restrictions.

Secunia says, "The security issue is caused due to the JRE processing external XML entity references even though the 'external general entities' property is set to FALSE. This can be exploited to e.g. access certain URLs or cause a DoS (denial of service) via malicious XML documents."

Sun says that the JDK and JRE 6 Update 4 for multiple platforms is available for download.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Browsers and extensions,

Security

Tags:

security,

Sun Microsystems,

JDK,

JRE 6,

XML,

Secunia

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Defense in Depth
Window Snyder to leave Mozilla
How to handle ID fraud's youngest victims
Is white listing going mainstream?
How Live OneCare changed the antivirus landscape
Express Scripts clients threatened with extortion
Study: DDoS attacks threaten ISP infrastructure
Security expert talks Russian gangs, botnets
Extortion used in Express Scripts database breach
Related
Alterna-browsers Firefox, Chrome get quick fixes
Critical Windows 7 holes fixed in record Patch Tuesday
Time Warner testing fix to hole in home router
Firefox 3.5.4 closes security holes
Podcast: Symantec researcher on biggest Patch Tuesday ever
IOBit 360 refreshed for Windows 7
Get an iPhone battery pack for $9.99 shipped
Free alternatives to Adobe Reader
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
Java Security Patch
by rmva February 4, 2008 4:01 PM PST
That was clear ... as mud. Do you have any writing skills at all?
Reply to this comment
Lesson for Linux guys...
by ejevo February 11, 2008 1:28 PM PST
The above is an example of a typical Windows user. Once Linux gains broad acceptance then the Linux community will have to deal with this level of ignorance, and you'll have your systems exposed to security crap due to the inability of users to comprehend basic tech.
Which version, if any,of Java do you have
by mhinnewyork February 5, 2008 4:04 PM PST
To test your web browser to see which version of Java it is using, go to www.javatester.org. You need to check every browser as they may be different.
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement

After 5 years, Firefox faces new challenges

Mozilla helped reshape the Web since releasing Firefox 1.0 five years ago. Now it's got a reawakened Microsoft and Google Chrome to reckon with.

There's a map for that: GPS or smartphone?

Almost every handset comes with mapping software these days, but standalone GPS devices are becoming more affordable than ever.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement
advertisement
Click Here

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET