It’s patch-time again and this one’s not from Microsoft! (Let’s face it – poor security is an industry-wide problem.) Anyway, this one is brought to you by Sun Microsystems…
A vulnerability has been discovered in the Sun Java Runtime Environment (JRE) where applets can break out of the sandbox. This vulnerability applies to all OSs where Java can run. Only the latest JRE/SDK has the fix – 1.4.2_06 (and later) and 1.3.1_13 (and later). Here’s the security alert from Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
For a chatty description comparing Java applets to Hannibal Lechter (Silence of the Lambs), check out:
http://isc.sans.org/diary.php?date=2004-11-23
Various security advisories with more details than the Sun security alert can be found here:
http://secunia.com/advisories/13271/
and here: