US-CERT is warning users to upgrade their Java installations to protect against a number of serious security vulnerabilities.
Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
In total it’s difficult to grasp how many seperate vulnerabilities there actually are in Java. According to US-CERT, Sun issued no less than 7 seperate alerts some of which detail multiple security vulnerabilities.
Among them are:
* 233321 Two Security Vulnerabilities in the Java Runtime
Environment Virtual Machine* 233322 Security Vulnerability in the Java Runtime Environment With
the Processing of XSLT Transformations* 233323 Multiple Security Vulnerabilities in Java Web Start May
Allow an Untrusted Application to Elevate Privileges* 233324 A Security Vulnerability in the Java Plug-in May Allow an
Untrusted Applet to Elevate Privileges* 233325 Vulnerabilities in the Java Runtime Environment image
Parsing Library* 233326 Security Vulnerability in the Java Runtime Environment May
Allow Untrusted JavaScript Code to Elevate Privileges Through Java
APIs* 233327 Buffer Overflow Vulnerability in Java Web Start May Allow
an Untrusted Application to Elevate its Privileges
At risk are multiple Sun Java Runtime Environment versions that US-CERT details in its alert. So if you’re one of the many Java users that doesn’t have automatic updates for Java – go get the latest version of Java now!