Sun updates Java for Microsoft flaw

javasmall.jpg
From the ‘have you updated yet?‘ files:

Sun is out this week with a significant security update for Java SE 6.  US-CERT warns that the Java vulnerabilities could potentially enable an attacker to execute arbitrary code or bypass authentication methods.

Technically speaking, the update is labeled update 15 (6u15) and is accompanied by no less than 7 seperate Sun security alerts:263408
,
263409
,
263428
,
263429
,
263488
,
263489
,
and

264648
.

Perhaps the most significant flaw patched by Sun in the Java update is detailed in alert
264648
, which is directly related to the recent out of band updates from Microsoft.

“A security vulnerability in the Active Template
Library (ATL) in various releases of Microsoft Visual Studio that is
used by the Java Web Start ActiveX control may allow the Java Web Start
ActiveX control to be leveraged to execute arbitrary code,” Sun’s advisory states. “This may
occur as the result of a user of the Java Runtime Environment viewing a
specially crafted web page that exploits this vulnerability.”

It’s interesting to see how many third party vendors were affected by the ATL issue. Adobe was also affected by the same issue.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web