Sun Microsystems is moving quickly to provide a fix for a security flaw in Java, which allows hackers to pose as trusted publishers to gain access to systems.
The flaw, exposed by researchers at Princeton University, lies in version 1.1.1 of the Java Development Kit, which does not subject applets from ?trusted? publishers - denoted by a digital signature - to normal security checks. Sun?s HotJava browser also contains the loophole.
The Princeton Safe Internet Programming team posted a warning of the security breach on its Web site on Tuesday. "The flaw we found allows an applet to change the system?s idea of who signed it," according to the warning notice.
"The applet can get a list of all signers known to the local system, determine which of those signers is trusted, and then the applet can re-label itself so it appears to have been signed by a trusted signer," it explains.
The Princeton team said it would release more details of the flaw once Sun has posted a fix for it, which according to the company, should be ready on Thursday. Release 1.1.2 of JDK is scheduled for release next month.
The site is perfectly situated for launching small satellites into orbit
Delegates at the ESOF 2018 conference were warned that their perceptions of the digital age were coloured by private industry
Concept vehicle uses gas turbine technology to generate electricity
Fresh from the notes of Ming-Chi Kuo of TF International Securities