Adobe and Sun release critical patches
Published: 16 Jul 2007 12:47 BST
IT professionals have been warned to patch vulnerabilities in the Adobe Flash Player application and Sun Java Runtime Environment as soon as possible.
The vulnerabilities mean that employees can get "hacked just by viewing a web page that contains malicious Flash or Java content", warned antivirus company F-Secure in its blog.
Sentry Posts Blog
Guarding the network
What you need to know — and what you and your peers have to tell us — about security management in our new community group blog
Both Adobe and Sun issued patches for the vulnerabilities in updates last week. The Adobe update addresses an input validation error in Flash Player version 9.0.45.0 and earlier versions that could lead to the potential execution of arbitrary code.
The Sun update links to a patch for a buffer overflow vulnerability in the image-parsing code in the Java Runtime Environment that may allow an untrusted applet or application to elevate its privileges.
The flaw in the Java Runtime Environment could be particularly serious if left unpatched, according to Chris Gatford, a security professional from penetration-testing firm Pure Hacking.
"Java runs on everything: cell phones, PDAs and PCs. This is the problem when you have a vulnerability in something so modular — it affects so many different devices," Gatford told ZDNet.co.uk sister site ZDNet Australia.
"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," Gatford added.
Did you find this article useful?
3 out of 5 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
