Sun Microsystems has warned of a security hole in Java that could allow hackers to infiltrate Java environments and execute unauthorised commands.
According to a security bulletin issued by the company this week, Sun said certain versions of the Java Runtime Environment (JRE) could allow malicious Java code to run unauthorised commands.
However, since JRE's default setting prevents unauthorised commands, Sun claimed the exploitation of the vulnerability would be rare.
"It is like leaving your house door open. The default is for you to lock it, but if you leave it open, anyone could get in," said a spokesman, who explained that the flaw could be exploited if permission to execute at least one command is granted.
According to Sun, there have been no reported instances of the hole being exploited but that JRE and Java Developer Kit versions 1.2.2_005 and 1.2.1_003, and earlier releases, could be affected.
The company also warned that the flaw could be exploited in Java implementations from its licencees but said a remedy has been made available to them. However, Sun said Netscape Navigator and Microsoft Internet Explorer, which use Java technology, are not exposed to the vulnerability.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away