• On GameSpot: Wii Fit tells 10-year-old she's fat
February 4, 2008 1:52 PM PST

Why you should patch your Java Runtime Environment

Posted by Robert Vamosi
  • Font size
  • Print

According to Secunia, Sun Microsystems has patched a vulnerability that could allow malicious attackers to bypass certain security restrictions.

Secunia says, "The security issue is caused due to the JRE processing external XML entity references even though the 'external general entities' property is set to FALSE. This can be exploited to e.g. access certain URLs or cause a DoS (denial of service) via malicious XML documents."

Sun says that the JDK and JRE 6 Update 4 for multiple platforms is available for download.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Browsers and extensions,

Security

Tags:

security,

Sun Microsystems,

JDK,

JRE 6,

XML,

Secunia

Share:
Digg
Del.icio.us
Reddit
Recent posts from Defense in Depth
Window Snyder to leave Mozilla
How to handle ID fraud's youngest victims
Is white listing going mainstream?
How Live OneCare changed the antivirus landscape
Express Scripts clients threatened with extortion
Study: DDoS attacks threaten ISP infrastructure
Security expert talks Russian gangs, botnets
Extortion used in Express Scripts database breach
Add a Comment (Log in or register) 3 comments
Java Security Patch
by rmva February 4, 2008 4:01 PM PST
That was clear ... as mud. Do you have any writing skills at all?
Reply to this comment
Lesson for Linux guys...
by ejevo February 11, 2008 1:28 PM PST
The above is an example of a typical Windows user. Once Linux gains broad acceptance then the Linux community will have to deal with this level of ignorance, and you'll have your systems exposed to security crap due to the inability of users to comprehend basic tech.
Which version, if any,of Java do you have
by mhinnewyork February 5, 2008 4:04 PM PST
To test your web browser to see which version of Java it is using, go to www.javatester.org. You need to check every browser as they may be different.
Reply to this comment
advertisement

In the news now

Apple: DRM-free tunes, unibody MacBook Pro

roundup At Macworld, Phil Schiller touts 10 million songs sans DRM, plus 69-cent songs, a unibody 17-inch notebook, iLife updates, and more.


Countdown to CES

special coverage The tech community descends on Las Vegas as the Consumer Electronics Show gets ready to kick off in all its gadgety glory.


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Site map
Latest news
Business tech
Green tech
Wireless
Security
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
CNET Widgets
About CNET