There is a new security hole in Sun’s version of the Java Virtual Machine. I know some people here have installed Java to be able to use the chat feature so I’m mentioning the security problem here. Update your Java.
Some of the sites at Sun.com still report 1.4.2_05 as being current. If you check there it will say that the version of Java you have installed is current. That is not correct. Verify that you have 1.4.2_06 or 1.5.0 installed. There is a Control Panel applet for Java that will tell you what version you have.
There do not appear to be any actual malicious exploits taking advantage of this one yet. But there will be soon. There is proof of concept code out there and it won’t be long till the malicious code is out there.
Linux is also vulnerable to this one. So you Linux users need to update too.
I still can’t believe that Sun has messed up their update feature just when this vulnerability is made public. The update feature used to work and would alert you when a new version was out and would tell you when your version was no longer current. Now, when everyone needs it most, it is broken.
This is a nasty vulnerability. All you have to do is visit a web site, or have that web site visit you, and you can get compromised.
It allows a Java applet to run outside of the browser sandbox and with the privileges of the user. In most cases that means it will have full system access. It will be able to delete files, install files, download files from other locations, execute files, and pretty much anything that it wants. All in Java.
This one is bad, and it’s going to catch a lot of people off guard right now.
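The version check described above can be scripted for a group of machines. This is an added example, not part of the original post: it assumes the `java version "1.4.2_05"` banner that `java -version` prints, and it treats the two versions the post names (1.4.2_06 and 1.5.0) as minimums, which is an assumption. The sample banners are constructed.

```python
import re

# Versions the post names as fixed. Treating them as minimums is an assumption.
FIXED_142_UPDATE = 6           # 1.4.2_06
FIXED_NEXT_LINE = (1, 5, 0)    # 1.5.0

# Matches "1.4.2_05", "1.5.0", "1.4.2_06-b03" inside a longer banner line.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_java_version(text):
    """Return (major, minor, micro, update) or None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0
    return (major, minor, micro, update)


def meets_post_versions(text):
    """True only if the version is 1.4.2 update 6 or later, or 1.5.0 or later."""
    v = parse_java_version(text)
    if v is None:
        return False               # unparseable banner: check by hand
    base, update = v[:3], v[3]
    if base >= FIXED_NEXT_LINE:
        return True
    if base == (1, 4, 2):
        # Compare the update number as an integer, not as text.
        return update >= FIXED_142_UPDATE
    return False                   # older lines: the post names no fixed build


if __name__ == "__main__":
    # Constructed sample banners, as printed on the first line of `java -version`.
    samples = [
        'java version "1.4.2_05"',
        'java version "1.4.2_06"',
        'java version "1.5.0"',
        'java version "1.3.1_12"',
    ]
    for banner in samples:
        status = "ok" if meets_post_versions(banner) else "UPDATE NEEDED"
        print(f"{banner:30} {status}")
```

On a real machine, note that `java -version` writes its banner to standard error, so capture that stream when feeding the output to `meets_post_versions`.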