Sun moves to eclipse Java hackers

Sun Microsystems has moved to patch a potentially devastating flaw in the Run Time Environment of its Java Virtual Machine (JVM) that security experts warn could leave millions of desktops open to hack attack.

The Java giant said that it is aware that a "possible security vulnerability in the JVM" has been found by IT security firm Secunia.

The company added that it has been collaborating with the engineers who uncovered the flaw to "quickly address the issue".

"Although there have been no reported cases [Sun's own emphasis] of this potential vulnerability being exploited by hackers, Sun takes this issue seriously, as it does all security issues," the vendor stated.

According to Sun, it began distributing an upgrade that addressed the vulnerability to its customers in early October.

The company stated that it has "posted the security alert and the updated version of the Java Runtime Environment that eradicates a possible vulnerability to the general public".

Sun declined to speculate on the vulnerability or scenarios under which it could be exploited. The upgrade is available at Sun's developer website here.

The potential danger of the flaw in JVM, which is present on millions of desktops across the globe, was highlighted by IT security firm CyberGuard, which pointed out that the vulnerability will not be closed by the "usual Microsoft update process".

"This vulnerability could have a major impact on most enterprises since even those with strict security policies do not usually forbid the download or use of Java," said Horst Joepen, chief executive at CyberGuard's Webwasher subsidiary.