RealTime IT News

Java Users at Risk

There are a number of really good reasons to update to the latest version of Java. Not the least of which is the fact that older versions of the Java Runtime Environment have now been reported to be at risk from seven highly critical vulnerabilities.

Sun advisory number 102171 describes the vulnerabilities and is titled, "Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges."

According to security firm Secunia, various unspecified errors in the "reflection" APIs cause the vulnerabilities, which could lead to a system compromise.

Sun's advisory does not specify what the actual errors are. A Sun spokesperson was not immediately available for comment.

The first advisories related to the vulnerabilities in the "reflection" APIs date back to at least November when the company issued Sun Alert ID: 102003, which identified three vulnerabilities.

IBM issued its own "technote faq" in December.

Java Runtime Edition (JRE) 5.0 and Java Development Kit (JDK) update 5 and earlier are reported to be at risk from the vulnerabilities. The most current version of JRE 5.0 is update 6, which has already fixed the seven newly disclosed vulnerabilities.

Java users of all OS flavors, including Windows, Linux and Solaris, are strongly encouraged to upgrade their JREs.