Sun Microsystems has fixed a pair of security bugs in Java that could be exploited by attackers to take over computers running Windows, Linux and Solaris.
Java flaws open door to hackers
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
It seems that they disclosed the security bugs months after releasing the updated Java.
Well, Sun doesn’t exactly have a lot of experience with security flaws
.
This is severly old news, there should maybe be some indication about the fact that the exploits ain’t new and havn’t been for a couple of month.
I don’t see the point of this news item. The patch was already released since February. What’s the biggie?
“…running Windows, Linux and Solaris.”
Why not Mac OSX? It runs Java. What is so special about OSX?
I don’t see the point of this news item. The patch was already released since February. What’s the biggie?
Well, I was kind of glad to see it, as I didn’t know about it. I don’t know anyone personally who patches their Java Runtimes – I sure as hell don’t.
As for as it already being patched for months, if there is an exploit for this and it ends up affecting thousands of machines, people will say it is the user’s fault because the patches are out there. On the other hand, when a similar Windows flaw surfaces and it affects thousands of computers, it’s still Microsoft’s fault, even though a patch has usually been available for months.
The reason OS X isn’t in the list is because Apple writes their own JVM, it’s not from Sun’s JVM/JRE codebase. So, the same exploits don’t exist.
Wait, what do those weird version numbers mean: 1.4.2_0{7,8} and 5.0? GCJ is now 4.0… Hmm,.. well, maybe they’re talking about some other oddball lesser-known proprietary Java implementation, and not GNU’s.
The article also mentions Web Start. I still haven’t a clue what that’s useful for. I mean, you download a .jar, and you run it. They already designed the system right — it’s already simple and elegant. Why bother trying to add another layer? Maybe it’s a marketing thing, dunno.
Now we have a multiplatform bugs:
write once, exploit anywhere!
> It has released two software updates to address the issues:
> J2SE 5.0 Update 2
Huh ?
Meanwhile there exists Update 3…
http://java.sun.com/j2se/1.5.0/download.jsp
Webstart is much better than just distributing a clickable jar file. It allows you to integrate better with the underlying OS, by giving the user the option to create a desktop shortcut and a start menu entry. Also, the software is easily updated via webstart. When a new version is available, webstart prompts the users whether to download the new version when the application starts. Pretty cool if you ask me, since the programmer doesn’t have to write a single extra line of code for all this functionality.
Obviously you don’t get the real benefits of Web Start. It’s not just about downloading a JAR. It’s about making sure your users always run the latest version of your software.
The reason why web apps are successful is because deploying them is easy. No version problems etc. Web Start tries to bring this to Java desktop apps. No need for sending out patches, or writing your own auto update stuff.
I agree with your “Huh?”
For some reason, java.com provides Update 2, but sun.com provides Update 3. Maybe this makes sense to Sun, but not to me.
Anyone have any clues why two different versions are considered ‘Latest’?