On February 8, Sun Microsystems released a security patch that addresses seven critical vulnerabilities in the Java Runtime Environment (JRE). These security flaws are classified as “extremely dangerous” because they can be exploited by malicious hackers to remotely gain control over users’ systems.
According to a security advisory from Secunia, the seven serious vulnerabilities affect the Java Runtime Environment on Windows, Solaris, and Linux operating systems in Java Development Kit (JDK) version 1.5, Software Development Kit (SDK) versions 1.3 and 1.4, and JRE versions 1.3, 1.4, 1.5, 5.0, or earlier. Secunia has rated these vulnerabilities as “extremely dangerous.”
Sun’s JRE software—particularly version 1.4—is widely installed on many computers to provide an operational environment for Java applications. These applications run in a separate area isolated from the user’s system, known as a “sandbox.”
The latest security vulnerabilities were discovered in a Java Runtime Environment application programming interface (API), a component that facilitates the exchange of information between sandboxes and the system. These vulnerabilities can be exploited by hackers to remotely access users’ Java applications, allowing the attackers to read and write files or execute code.
In November of last year, Sun also had to release a patch to fix five other security vulnerabilities in JRE that were related to API functions.