Sun Issues Java Security Update
Sun Microsystems has issued an update to plug a pair of security holes in its Java Runtime Environment software. JRE is a widely installed software bundle that Web sites use to serve visitors with multimedia, interactive content.
One of the security holes could be exploited to break into Windows machines by convincing a user to visit a corrupt Web site. The problem is widespread because if you're running Microsoft Windows, a version of JRE is installed on your machine. Ninety-eight percent of all visitors to washingtonpost.com had a version of JRE installed, according to numbers we pulled on Thursday, although the site's statistics tool couldn't break it down by installed version number.
The latest version of Sun's JRE is not vulnerable, but Sun doesn't make it easy for the average user to determine which version is installed on his machine. Additionally, each user probably has more than one version of Java per machine.
The majority of Windows users likely have either JRE 6 or JRE 5.0 installed. The latest patched versions are JRE 6 Update 1, or JRE 5.0 Update 11. To see which version you have installed, go to "Start," "Control Panel," then "Add/Remove Programs," and scroll halfway down the list. If you find older versions of Java already installed, you should uninstall them.
The last time Security Fix wrote about Java updates, a reader asked whether any bad guys bothered to exploit Java vulnerabilities. I replied that criminals would be foolish to ignore it, given the massive installation base of this program. The SANS Internet Storm Center recently posted an alert about a malicious Web site capitalizing on a Java vulnerability that Sun patched in January to silently install a password-stealing program on machines whose users visited the site with outdated versions of Java.
Unless you have a very old version of Java installed, you should be able to update by clicking "Start," "Control Panel," and then double-clicking on the "Java" icon. In the box that pops up, click on the "Update" tab, and then the "Update Now" button. Alternatively, Windows users can download the update titled "Java Runtime Environment (JRE) 6u1" from this link.
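The version check described above can be scripted for anyone reviewing more than one machine. The following is an added example, not part of the original post: it classifies program-list entries against the two patched baselines the article names (JRE 6 Update 1 and JRE 5.0 Update 11). The entry names in SAMPLE are constructed, and the assumption that an entry with no "Update N" suffix is update 0 is the example's own.

```python
import re

# Patched baselines named in the article: JRE 6 Update 1 and JRE 5.0 Update 11.
PATCHED = {"6": 1, "5.0": 11}

# Matches names such as "Java(TM) SE Runtime Environment 6 Update 1" or
# "J2SE Runtime Environment 5.0 Update 9". Assumption: no "Update N" means update 0.
ENTRY = re.compile(
    r"Runtime Environment\s+(\d+(?:\.\d+)?)(?:\s+Update\s+(\d+))?", re.I
)

def classify(name):
    """Return a status for one program-list entry, or None if it is not Java."""
    m = ENTRY.search(name)
    if not m:
        # Looks like Java, but the name is in a form this sketch does not parse.
        return "unrecognized" if re.search(r"java|j2se", name, re.I) else None
    family, update = m.group(1), int(m.group(2) or 0)
    if family not in PATCHED:
        return "unknown-family"  # the article gives no baseline for this family
    return "patched" if update >= PATCHED[family] else "outdated"

def audit(entries):
    """Classify every Java entry; one machine often holds several versions."""
    return {e: s for e in entries if (s := classify(e)) is not None}

def to_uninstall(entries):
    """Entries older than the patched baseline for their family."""
    return [e for e, s in audit(entries).items() if s == "outdated"]

# Constructed sample of an Add/Remove Programs list (not from a real machine).
SAMPLE = [
    "Adobe Reader 8",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) SE Runtime Environment 6",
    "J2SE Runtime Environment 5.0 Update 11",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java 2 Runtime Environment, SE v1.4.2_13",
]

if __name__ == "__main__":
    for entry, status in audit(SAMPLE).items():
        print(f"{status:13} {entry}")
```

Entries reported as "unrecognized" still need a manual look, since the script cannot tell whether they are current.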
June 8, 2007; 2:59 PM ET
Categories: From the Bunker , Latest Warnings , New Patches , Safety Tips