Java and Flash fixes tax system security
PrintMore updates on the patch bandwagon
Posted in Software & Security, 16th July 2007 14:49 GMT
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Sys admins hoping to put their feet up after Microsoft's monthly update, which went far from smoothly, faced the problem of pushing out Java and Flash security updates issued at the tail end of last week.
Users are susceptible to hacking attacks just by viewing a web page that contains malicious Flash or Java content, as a result of multiple vulnerabilities in the packages. Fortunately, Adobe and Sun have both issued security updates designed to guard against possible attack.
A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment means untrusted applets or applications could grant themselves permission to read and write local files. A separate system crashing vulnerability means users need to upgrade to JRE 5 Update 12 or JRE 6 Update 2. The issue, which also means developers need to upgrade Java Development Kit software, is explained in greater depth in Sun's advisory here.
Various versions of Adobe Flash Player are also subject to buffer overflow flaws, which likewise allow hackers to inject hostile code onto vulnerable systems. Users need to update to version 9.0.47.0, as explained here.
Although neither vulnerability has been packaged as a script-kiddie friendly exploit as yet, users and sys admins are urged to apply updates sooner rather than later. ®
Free whitepaper – Managing desktop software for fun and profit
Enabling the Agile Data Center
Straight Talk with Dell: Sending out an SaaS
The business value of SIP VoIP and trunking
New storage architectures make SSDs more cost-effective
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs