Sun Patches 7 Critical Java Runtime Bugs
Java Runtime Environment (JRE) provides the minimum needed to run Java applications or applets, which are deployed by Web sites and launch from within the browser.
The flaws, said Sun, are due to errors in the "reflection" APIs, and can be leveraged by attackers using maliciously-crafted applets to read and write files on the compromised system's hard drive, or execute programs. Sun, as is its practice, kept mum on details of the vulnerabilities.
Several editions of JRE are threatened by the bugs, including JRE 1.3.1_16 and earlier, JRE 1.4.2_09 and earlier, and JRE 5.0 Update 4 and earlier.
Sun recommended that users update to newer versions of JRE, and provided links in the advisory to those updates. Alternately, users can download JRE 5.0 Update 6 from here.
Unlike Microsoft, Sun does not place vulnerabilities in threat or risk categories, but Danish vulnerability tracker Secunia labeled the bugs as a cumulative "Highly critical" problem, its second-highest warning.