Sun bits are serious flaws in Java

On February 8, Sun Microsystems issued a security patch to fix seven serious errors in the Java Runtime Environment (JRE). These are security holes that are classified as 'extremely dangerous' because they can be exploited by malicious hackers to remotely take control of the user's system.

According to a Secunia security recommendation, seven critical security bugs affect the Java Runtime Environment environment running on Windows, Solaris and Linux platforms using the Java Development Kit 1.5, Software Development versions Kit (SDK) 1.3 and 1.4, JRE 1.3, 1.4, 1.5 and 5.0 or lower. Secunia ranked the above security holes into 'extremely dangerous' levels.

Sun's JRE software - especially version 1.4 - is very popularly installed on these computers to create an operating environment for Java applications. These applications operate in a separate area separate from the user's system called 'sandbox'

These latest security flaws were discovered in a JRE application programming interface, or API, which allows the creation of links to exchange information between 'sandboxes' with the system. These security flaws can be exploited by hackers to remotely access users' Java applications, allowing them to read and write files or execute code.

Last November Sun also had to issue a patch to fix five other security bugs in the JRE that are also related to API functions.