Sun Microsystems announced on Tuesday, June 14, 2005, has fixed a pair of security bugs in Java that could be exploited by attackers to take over computers running Windows, Linux and Solaris (almost all kinds of OS :-O ).

The flaws are “highly critical” security monitoring company Secunia said in an advisory posted Tuesday.

Quoted:
Both flaws affect the Java Runtime Environment, or JRE. This is the Java software many computer users have on their system to run Java applications. The bugs could allow a Java application to read and write files or execute applications on a victim’s computer, Sun said in two separate security advisories released Monday.

One is a general flaw in the JRE, while the other is specific to Java Web Start, a technology to load Java applications over a network such as the Internet. However, Sun said it wasn’t aware of any exploits or attacks using the flaws.

Sun Microsystems is urging people to install updated software to protect against possible exploitation of the security flaws. It has released two software updates to address the issues: J2SE 5.0 Update 2, which has actually been available since February, and J2SE 1.4.2_08, which was released recently, company representatives said. The software can be downloaded from the Java.com Web site.

Download: Java 2 Platform Standard Edition 5.0