Sun Java Vulnerabilities... again

"Seven (7) vulnerabilities with the use of "reflection" APIs in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet....

... It is recommended that affected versions be removed from your system. For more information, please see the installation notes on the respective download pages."

Ok, so why the hell does Sun Java leave vulnerable versions of their software installed when we update? You have to go in and manually remove the exploitable stuff via add/remove programs. Spyware Sucks : Sun Java Vulnerabilities... again

Linked by shanmuga Thursday, 9th February 2006 7:49AM