Sun fixes multiple vulnerabilities in Java
Sun has published four security advisories detailing security vulnerabilities in its Java Runtime Environment (JRE). A bug in applet caching can enable an untrusted applet to establish network connections with systems or servers other than the server from which it has been downloaded, contrary to normal Java security policies. In addition, untrusted applets can open a window sufficiently large that JRE warning messages are not visible to the user. Fraudsters could exploit this to fool users into accepting specific content as trusted.
Malicious applets can also obtain access to a system via drag and drop. However, Sun point out that to achieve this the applet would have to persuade the user to drag files from the applet window into an application with write privileges.
The three vulnerabilities described are present in JDK and JRE 6 Updates 2 and earlier, JDK and JRE 5.0 Updates 12 and earlier, SDK and JRE 1.4.2_15 and earlier and SDK and JRE 1.3.1_20 and earlier. The bugs are fixed in JDK and JRE 6 Update 3, JDK and JRE 5.0 Update 13 and SDK and JRE 1.4.2_16. Version 1.3.1_21 of SDK and JRE 1.3.1 should be released shortly.
In addition, Sun has also reported three vulnerabilities in Java Web Start which enable applets to obtain access to local files and applications. All three bugs are present in the above versions, however not all of the bugs are present in each version. Only SDK and JRE 1.3.1 are not affected - these versions do not include Web Start. These vulnerabilities are likewise fixed in the latest versions. It should be noted that Java updates usually install a completely new version without deleting the previous version. Users must therefore uninstall the old, vulnerable version manually.
- Security Vulnerability in Java Runtime Environment With Applet Caching May Allow Network Access Restrictions to be Circumvented, security advisory from Sun
- Java Runtime Environment (JRE) May Allow Untrusted Applets or Applications to Display An Oversized Window so that the Warning Banner is Not Visible to User, security advisory from Sun
- Multiple Security Vulnerabilities in Java Web Start Relating to Local File Access, security advisory from Sun
- An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application or Applet Window to a Desktop Application, security advisory from Sun