Sun Patches Critical Flaw In JVM

Great to see that Sun is on the ball with security flaws. As TechConnect points out, there was a nasty little hole in Sun’s Java Virtual Machine that could allow your browser to be exploited.

Thankfully, it has patched it and will most likely make sure to keep a watchful eye on upcoming problems as they come about.

A HOLE in Sun’s Java Virtual Machine which enabled it to exploited through a browser has been patched. The flaw, found by researcher Jouko Pynnonen was found in the Java plug-in, which affects JRE 1.3.x and 1.4.x and SDK 1.3.x and 1.4.x. It was a design error, as JavaScript code can create and transfer objects to untrusted applets for some private and restricted classes used internally by the JVM.

Sun Microsystems said the flaw could be exploited on most operating systems including Windows, Linux and Solaris.

It has issued a patch and incorporated into versions SDK and JRE 1.4.2_06 and later and SDK and JRE 1.3.1_13 and later.