Java SE6 Update Fixes Exploit Linked to ActiveX Flaw

Dennis Faas's picture

Java SE6 is set to receive what is being called "significant security patches."

The need for repair came after the US-CERT (United States Computer Emergency Readiness Team) warned that a number of vulnerabilities were in existence, allowing potential hackers to bypass authentication methods and execute arbitrary codes.

One flaw exposes Java's audio system; if left unpatched, online deviants could be given access to a computer system without authorization. Another exploit provides root access to a vulnerable machine.

Java Exploit Linked to ActiveX

The most prominent flaw to be patched is directly related to the flaws experienced in Microsoft ActiveX.

According to the public advisory released by Sun Microsystems, "security vulnerabilities in the Active Template Library (ATL) in various releases of Microsoft Visual Studio that is used by the Java Web Start ActiveX control may allow the Java Web Start ActiveX control to be leveraged to execute arbitrary code." (Source: Internetnews.com)

Exploits Discussed at Black Hat Security Conference

At Black Hat 2009, a conference designed to outline and discuss a variety of current security issues, the effect of third party vendors as a result of ATL vulnerabilities was discussed at great length.

Almost all who attended the conference agreed on the fact that the ramifications of the vulnerabilities were being experienced far beyond the walls of Microsoft. (Source: newstin.co.uk)

Download Java SE Update

The latest Java SE update can be downloaded from Sun's website, which resolves the aforementioned exploits [highly recommended]:

http://java.sun.com/javase/downloads/index.jsp

Rate this article: 
No votes yet