There are a number of really good reasons to update to the latest version
of Java. Not the least of which is the fact that older versions of the Java
Runtime Environment have now been reported to be at risk from seven highly
critical vulnerabilities.
Sun advisory number 102171 describes the vulnerabilities and is titled,
“Security Vulnerabilities in the Java Runtime Environment may Allow an
Untrusted Applet to Elevate its Privileges.”
According to security firm Secunia, various unspecified errors in the “reflection” APIs cause the vulnerabilities, which could lead to a system compromise.
Sun’s advisory does not specify what the actual errors are. A Sun
spokesperson was not immediately available for comment.
The first advisories related to the vulnerabilities in the “reflection”
APIs date back to at least November when the company issued Sun Alert ID: 102003, which identified three vulnerabilities.
IBM issued its own “technote faq” in December.
Java Runtime Edition (JRE) 5.0 and Java Development Kit (JDK) update 5 and
earlier are reported to be at risk from the vulnerabilities. The most
current version of JRE 5.0 is update 6, which has already fixed the seven newly
disclosed vulnerabilities.
Java users of all OS flavors, including Windows, Linux and Solaris, are
strongly encouraged to upgrade their JREs.