NEWS FROM THE LAB - Thursday, January 18, 2007

Time To Update Your Java

Posted by Jarno @ 11:47 GMT

Advisory 102760

Last Thursday, we suggested that you update some of your applications…

Well, on Tuesday, January 16th, Sun released an advisory regarding a vulnerability in processing GIF images in some versions of the Java Runtime Environment.

When a web page runs a Java applet on a vulnerable version of the Java Runtime, an applet exploiting the vulnerability may escape Java's sandbox. This means that the Java applet would have exactly the same access to the file system and process execution as any native application.

Java vulnerabilities have been actively used by malicious web pages in the past, so it is quite possible that this new vulnerability will also be used.

So do make sure that your Java runtime is up to date. Instructions are available in Sun Advisory #102760.

Note: Sun provides links to J2SE 5.0 Update 10 in their advisory. As we posted earlier, version 6.0 is also available from java.sun.com.

According to Sun, this vulnerability does not affect the Java versions used on mobile phones (J2ME).