Jidaw Systems

Clouds of Java Trouble for Sun

Sun Microsystems has disclosed a serious vulnerability in the Java Plug-in technology within the Software Developers' Kit (SDK) and the Java Run-time Environment (JRE) that allows attackers to bypass the Java sandbox and Java applet security. 

A flaw in Sun Microsystems' plug-in for running Java on a variety of browsers and operating systems could allow a virus to spread through Microsoft Windows and Linux PCs. The flaw lies in the access controls on the Java-to-JavaScript data exchange in Web browsers that use the Plug-in technology, which let JavaScript load an unsafe class. As a result, a remote attacker could run hostile applets to access, download, upload or execute arbitrary files, as well as access the network of the user running the Java Virtual Machine.

According to Sun's advisory, "A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet".
Security information provider Secunia posted information about the flaw in an advisory that rated it a "highly critical" threat.

The episode is a big embarrassment for Sun, as Java was designed to be secure. The technology involved is used by Web developers to create small programs, or applets, that can run on any operating system. Java is designed to run programs downloaded from the Internet safely on various operating systems, without causing any harm on the PC, by using the "sandbox" that cuts Java applets off from the rest of the system.
Sun's CEO, Scott McNealy, only recently asked the following question to emphasize the secure nature of Java: "When was the last time you heard of a Java virus?" Sorry Scott but you have a major boo boo on your hands.

Sun says there is no workaround, and recommends that users of the SDK and its JRE subset move to versions 1.4.2_06 and later or 1.3.1_13 and later. In a statement disclosing the vulnerability, Sun said: "Sun is aware that a possible security vulnerability in the Java Virtual Machine was found by Secunia, and has been collaborating with them on quickly addressing the issue. Although there have been no reported cases of this potential vulnerability being exploited by hackers, Sun takes this issue seriously, as it does all security issues".

A flaw-free version of the JVM software is available on Sun's Web site. 
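Since there is no workaround, the practical check is whether each installed JRE has reached one of the two fixed releases. The sketch below is an added example, not code from Sun or Secunia: it reads the first line of `java -version` output per host and compares it against the thresholds quoted above. The function names, the inventory format and the reading of each threshold as applying to its own release family are assumptions of the example.

```python
import re

# Fixed releases quoted in the article. Assumption of this example: each
# threshold applies to its own release family (1.3.x vs. 1.4 and later).
FIXED_13 = (1, 3, 1, 13)
FIXED_14 = (1, 4, 2, 6)

# Matches the quoted version in a banner such as: java version "1.4.2_05"
_VERSION_RE = re.compile(r'"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_java_version(banner):
    """Return (major, minor, micro, update) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(banner):
    """Classify one banner as 'ok', 'upgrade', 'not-covered' or 'unparsed'."""
    v = parse_java_version(banner)
    if v is None:
        return "unparsed"
    family = v[:2]
    if family < (1, 3):
        return "not-covered"  # the article names no fixed release here
    if family == (1, 3):
        return "ok" if v >= FIXED_13 else "upgrade"
    # 1.4.0 and 1.4.1 sort above 1.3.1_13 but are still below 1.4.2_06,
    # so a single "newer than 1.3.1_13" comparison would wrongly pass them.
    return "ok" if v >= FIXED_14 else "upgrade"

def audit(inventory):
    """Map host -> status for tab-separated 'host<TAB>banner' lines."""
    results = {}
    for line in inventory:
        host, _, banner = line.partition("\t")
        results[host] = classify(banner)
    return results

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    'ws-01\tjava version "1.4.2_05"',
    'ws-02\tjava version "1.4.2_06"',
    'ws-03\tjava version "1.4.0"',
    'ws-04\tjava version "1.3.1_13"',
    'ws-05\tjava version "1.3.1_12"',
    'ws-06\tcommand not found',
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```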
