7 critical flaws discovered in several versions of Java

By Justin Mann on February 10, 2006, 1:00 PM
Anyone using Sun's Java Runtime Environment on their system should be aware of various flaws recently discovered that could put your machine at risk. Announcing the holes in a security advisory, Sun already has fixes available in the newer versions of the JRE. Many of these bugs are platform-independent, making the need to update all that more important.

The flaws, said Sun, are due to errors in the "reflection" APIs, and can be leveraged by attackers using maliciously-crafted applets to read and write files on the compromised system's hard drive, or execute programs. Sun, as is its practice, kept mum on details of the vulnerabilities.
The latest version of the JRE at updates 5 or 6 is not affected. If you are using Windows or Linux, it's just a matter of downloading and running the installer.




User Comments: 9

Got something to say? Post a comment
cyrax said:
Good grief. Java is always buggy. The official release from sun even contains viruses. The computing world deserves better than this.
Race said:
Just so no one is confused by 'updates 5 or 6'......that would be any version at 1.5.0 or above.The current update is 1.5.0_06
Need_a_Dell said:
I've never been a big fan of Java. I've actually avoided using Azerus because it is Java based! I find that Java seems to be a half-assed attempt to compete with Flash, and the level of production is extremely low. I find Java unreliable and a nuinsance. The only reason that I have it installed is so that I can play Family Feud on Uproar.com. After hearing about these holes, (which I'm not all that surprised to hear about) I think I'm just going to scrap the program all together.
nathanskywalker said:
[b]Originally posted by Need_a_Dell:[/b][quote]I've never been a big fan of Java. I've actually avoided using Azerus because it is Java based! I find that Java seems to be a half-assed attempt to compete with Flash, and the level of production is extremely low. I find Java unreliable and a nuinsance. The only reason that I have it installed is so that I can play Family Feud on Uproar.com. After hearing about these holes, (which I'm not all that surprised to hear about) I think I'm just going to scrap the program all together.[/quote] Yep, i totaly agree. unfortunently i use it anyway. But java definently could use...something, like mabye a little fire and water...electrical fire you know.
Nodsu said:
[b]Originally posted by Need_a_Dell:[/b][quote]I find that Java seems to be a half-assed attempt to compete with Flash, and the level of production is extremely low. [/quote]Java released: 1994Flash released: 1996I will not even mention that your are comparing oranges and apples here..
Need_a_Dell said:
[b]Originally posted by Nodsu:[/b][quote][b]Originally posted by Need_a_Dell:[/b][quote]I find that Java seems to be a half-assed attempt to compete with Flash, and the level of production is extremely low. [/quote]Java released: 1994Flash released: 1996I will not even mention that your are comparing oranges and apples here..[/quote]Yes, I may be comparing oranges and apples, but some people prefer one fruit over the other. In this case, I like Flash WAY more than Java. I don't think that release dates really matter in this case, cause Java has had lots of time to fix up their problems after seeing what Flash was capable of...
Nodsu said:
Nice. I'd like you to write an operating system in Flash. Or maybe a desktop environment like Project Looking Glass? Or, well, as you are obviously not that experienced, maybe a simple "hello world" program that would work on Windows, Linux, BSD, Solaris, AIX, OS/2 and all other platforms Java is available for?
PUTALE said:
I agree. I think java is nice but I also encounter a lot of problem through out the years. I think the software writters from Suns needs to work harder to makea better java.
Race said:
To correct a typo on my earlier post............."updates 5 or 6" meaning 1.5.0_05 or 1.5.0_06
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.