Sun updates Java for Microsoft flaw

From the ‘have you updated yet?‘ files:

Sun is out this week with a significant security update for Java SE 6.  US-CERT warns that the Java vulnerabilities could potentially enable an attacker to execute arbitrary code or bypass authentication methods.

Technically speaking, the update is labeled update 15 (6u15) and is accompanied by no less than 7 seperate Sun security alerts:263408


Perhaps the most significant flaw patched by Sun in the Java update is detailed in alert
, which is directly related to the recent out of band updates from Microsoft.

“A security vulnerability in the Active Template
Library (ATL) in various releases of Microsoft Visual Studio that is
used by the Java Web Start ActiveX control may allow the Java Web Start
ActiveX control to be leveraged to execute arbitrary code,” Sun’s advisory states. “This may
occur as the result of a user of the Java Runtime Environment viewing a
specially crafted web page that exploits this vulnerability.”

It’s interesting to see how many third party vendors were affected by the ATL issue. Adobe was also affected by the same issue.

News Around the Web