Dangerous Java Flaw Threatens Numerous Platforms

noroom   on 23 July 2007 - 02:39 · 30 comments & 9198 views

Google's Security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices. "This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking.

Australia's Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. "It's a pretty significant weakness, which will have a considerable impact if the exploit codes come to fruition quickly. It could affect a lot of organizations and users," Gatford told ZDNet Australia.

According to Gatford, the bugs threaten pretty much every modern device. "Java runs on everything: cell phones, PDAs, and PCs. This is the problem when you have a vulnerability in something so modular--it affects so many different devices." Sun Microsystems said the flaw has since been patched.

"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," said Gatford. Pure Hacking's Gatford said the problem is compounded by the slim chance of an enterprise patching Java Runtime vulnerabilities. "It would be an extremely difficult and laborious process for an organization trying to patch Java Runtime across the enterprise," he said.

News source: ZD|Net Asia

Comments · There are 30 additional comments
(3 replies) #1 McG on 23 Jul 2007 - 03:11
SUN'S LOGO! Wow I just noticed it says sun 4 times in it. Fantastic.
#1.1 tiagosilva29 on 23 Jul 2007 - 03:30
Those are called ambigrams, if I'm not mistaken.
#1.2 +Berserk87 on 23 Jul 2007 - 06:08
rofl.

i just noticed that as well.
#1.3 WDGC on 23 Jul 2007 - 21:43
Quote - (Berserk87 said @ #1.2)
rofl.

i just noticed that as well.

... me also.
(2 replies) #2 Davebo on 23 Jul 2007 - 03:16
Isn't this already patched?

According to this it is...
#2.1 billyea on 23 Jul 2007 - 03:38
Even the article says it is
#2.2 Pippin666 on 23 Jul 2007 - 03:41
Yes, and it was mentioned in the article.

Pip'
(4 replies) #3 theyarecomingforyou on 23 Jul 2007 - 03:45
I've always found Java to be slow and insecure - I've come across a few viruses for it (I was infected once across a network before I was using a decent anti-virus) and I don't exactly come across many viruses. I try to avoid it where possible.
#3.1 Jexel on 23 Jul 2007 - 09:13
i think you're talking of a worm...which is different to a virus...i may be mistaken but i'm pretty sure it's impossible to create a virus in java due to the way that the jvm handles the class files...
#3.2 +mrbester on 23 Jul 2007 - 09:16
Quote -
I've always found Java to be slow and insecure...

Perhaps that was because you were using the known-to-be-rubbish Microsoft JVM, which is one of the first things I get rid of if I ever rebuild my Winbox. MSJVM has had vulnerabilities not present in Sun's Java ever since it was "created" (more like spawned).
One of the great things about Autopatcher is the option to nuke MSJVM from orbit, which I think ought to be enabled by default...
#3.3 XerXis on 23 Jul 2007 - 14:08
Quote - (mrbester said @ #3.2)
Quote -
I've always found Java to be slow and insecure...

Perhaps that was because you were using the known-to-be-rubbish Microsoft JVM, which is one of the first things I get rid of if I ever rebuild my Winbox. MSJVM has had vulnerabilities not present in Sun's Java ever since it was "created" (more like spawned).
One of the great things about Autopatcher is the option to nuke MSJVM from orbit, which I think ought to be enabled by default...


msjvm has been removed from microsoft products for a few years now. If you install win2k you will still see it. otherwise i don't know which of your ms products would include msjvm
#3.4 Mathiasdm on 23 Jul 2007 - 16:40
Quote - (theyarecomingforyou said @ #3)
I've always found Java to be slow and insecure - I've come across a few viruses for it (I was infected once across a network before I was using a decent anti-virus) and I don't exactly come across many viruses. I try to avoid it where possible.

It takes a while to load the Java Virtual Machine, perhaps that is what you're talking about?
Once it's loaded, I never have any problems.
(2 replies) #4 Flint2 on 23 Jul 2007 - 03:54
10 day old news?
#4.1 whocares78 on 23 Jul 2007 - 04:48
just like most of the news on this site, first it comes out on real news sites then here then, the newspapers
#4.2 vetneufuse on 23 Jul 2007 - 10:47
Even if the news is old, it is still news to some people
(3 replies) #5 tao muon on 23 Jul 2007 - 04:00
I wonder how this would affect Linux and Mac servers and .jsp pages....
Anyone have any statistics?
#5.1 whocares78 on 23 Jul 2007 - 08:47
what part of all platforms did you not understand
#5.2 excalpius on 23 Jul 2007 - 09:04
Apparently, the word "all".
#5.3 _dandy_ on 23 Jul 2007 - 14:12
Quote - (excalpius said @ #5.2)
Apparently, the word "all".


Yeah..."write once, run everywhere" at its best.
#6 gunnerhkjp on 23 Jul 2007 - 04:23
It would help if they told us which versions are affected by this flaw...
(2 replies) #7 DKAngel on 23 Jul 2007 - 04:40
so how would you go about patching a mobile then
#7.1 whocares78 on 23 Jul 2007 - 04:49
firmware update i would assume
#7.2 Joseph21 on 23 Jul 2007 - 07:38
firmware updates are easily done with nokia's and sony ericsson's phones...
with other brands service centers.
nokia software updater and sony ericsson SEUS (sony ericsson update service)
#8 cork1958 on 23 Jul 2007 - 11:33
Exactly why I never have, don't and won't use Sun's java stuff, other than be slower than poop! Actually, I have used it, otherwise how would I know if I didn't like it?
(1 reply) #9 Yuxi on 23 Jul 2007 - 14:17
Funny, for some reason I keep reading the title as "lava flow"
#9.1 Croquant on 23 Jul 2007 - 22:33
Quote - (Yuxi said @ #9)
Funny, for some reason I keep reading the title as "lava flow"

You may be dyslexic.
#10 IntelliMoo on 23 Jul 2007 - 14:43
COOL! I feel glad java is banned here.
(1 reply) #11 twanj on 23 Jul 2007 - 17:07
Appupdater keeps your Windows box using the latest and most secure versions of programs (like Java, Opera, etc) automatically.
#11.1 Angel Blue01 on 23 Jul 2007 - 22:00
But I ignore it, as well as everyone I know. I told a user to ignore it just this morning.

Here in SUSE Linux I'm stuck at 1.5.x anyway
