Sun Microsystems issued a patch Tuesday to address seven "highly critical" flaws in its Java Runtime Environment that could allow a malicious attacker to gain remote control over a user's system.
The flaws affect systems running on Windows, Solaris and Linux that are using certain versions of Sun's Java Development Kit 1.5, Software Development Kit (SDK) 1.3 and 1.4, and JRE 1.3, 1.4, 1.5 and 5.0, or earlier, according to an advisory issued by Secunia, which rated the flaws as "highly critical."
Sun's JRE software, especially version 1.4, is found on a number of computers and allows users to run Java applications, which operate in a "sandbox"--a separate area cordoned off from the rest of the user's system.
These latest flaws are found in one of the JRE's application programming interfaces, or APIs, which communicate between the sandbox and the rest of the system. The flaws could be exploited by attackers to gain remote access to a user's Java applications, allowing them to read and write files or execute code.
"An applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet," according to Sun's advisory.
Contrary to most people's assumptions that Windows is the only OS with vulnerabilities, the "beloved" Linux is just as ripe for exploiting. The problem is that it doesn't get nearly the press simply because it is only used by a fraction of the population. Always remember: Linux is written BY programmers FOR programmers.
Some useful statistics that help put it into perspective:
Reported Security vulnerabilities:
Windows XP: 2 in 2006, 45 in 2005
Fedora: 15 in 2006, 84 in 2005
RedHat Enterprise Linux AS 4: 11 in 2006, 136 in 2005
Mozilla Firefox 1.x: 1 in 2006, 22 in 2005
Microsoft Internet Explorer 6.x: 0 in 2006, 17 in 2005
That is but a mere taste to illustrate that it is the Open Source community, NOT Microsoft (contrary to popular belief) that has the higher number of reported security vulnerabilities. These stats are taken from http://secunia.com (sorry...not affiliated with Microsoft as you were hoping).
Flaws aren't just the domain of MS products as viruses and worms have been masquerading around PC's with the MacOS 10 OS for a few weeks.
Extremely critical Mac OS X zero-day exploit released: http://blogs.zdnet.com/Ou/index.php?p=163&tag=nl.e550
Just a few weeks ago I had to spend my Saturday removing the previous version of Java and installing 1.5. I had to use Registry Mechanic to completely remove every trace because Java's own uninstall leaves all kinds of things from previous versions behind in the Windows registry. Since I have 2 computers, I had to do all this work twice. Now Sun tells me that unless I do this whole rigamarole over again my computer is at risk. What a crock of ****!
What about all those average computer users out there who don't even have a clue as to what Java is, or why they need to upgrade? After all, Java is no longer a Windows component, so it does not show up in the Windows Security Center critical notifications alerts. Yes my friends, something is seriously hosed with the entire Wintel concept if people of modest education cannot even operate a basic input-output device like this safely and securely without running it like a maximum security prison.