• On ZDNet: Why I Will never buy a Mac
February 4, 2008 1:52 PM PST

Why you should patch your Java Runtime Environment

by Robert Vamosi

According to Secunia, Sun Microsystems has patched a vulnerability that could allow malicious attackers to bypass certain security restrictions.

Secunia says, "The security issue is caused due to the JRE processing external XML entity references even though the 'external general entities' property is set to FALSE. This can be exploited to e.g. access certain URLs or cause a DoS (denial of service) via malicious XML documents."

Sun says that the JDK and JRE 6 Update 4 for multiple platforms is available for download.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Browsers and extensions,

Security

Tags:

security,

Sun Microsystems,

JDK,

JRE 6,

XML,

Secunia

Share:
Digg
Del.icio.us
Reddit
advertisement
Click here!
Recent posts from Defense in Depth
Window Snyder to leave Mozilla
How to handle ID fraud's youngest victims
Is white listing going mainstream?
How Live OneCare changed the antivirus landscape
Express Scripts clients threatened with extortion
Study: DDoS attacks threaten ISP infrastructure
Security expert talks Russian gangs, botnets
Extortion used in Express Scripts database breach
Related
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
Java Security Patch
by rmva February 4, 2008 4:01 PM PST
That was clear ... as mud. Do you have any writing skills at all?
Reply to this comment
Lesson for Linux guys...
by ejevo February 11, 2008 1:28 PM PST
The above is an example of a typical Windows user. Once Linux gains broad acceptance then the Linux community will have to deal with this level of ignorance, and you'll have your systems exposed to security crap due to the inability of users to comprehend basic tech.
Which version, if any,of Java do you have
by mhinnewyork February 5, 2008 4:04 PM PST
To test your web browser to see which version of Java it is using, go to www.javatester.org. You need to check every browser as they may be different.
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement

With Chrome, Google reignites the OS wars

roundup Google Chrome OS, due in 2010, underscores the Web giant's cloud-computing ambitions and opens new competition with Microsoft.
• What Chrome OS has on Windows that Linux doesn't

Laying a guilt trip on military robots

q&a Georgia Tech's Ronald Arkin aims to configure armed robots with a built-in "guilt system" to help them avoid civilian casualties.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET