Researchers at the University of Washington have found a bug in Java that could crash the Virtual Machine.
JavaSoft has posted a statement on its web page acknowledging the bug, but denies it is a security issue because the university did not conduct a denial-of-service attack.
University researchers found a verifier bug as part of a research project called Kimera which is devoted to developing automatic Java verification services.
Maryanne Mueoler, security staff engineer at JavaSoft, explained: "The bug they found was a verifier bug which is quiet different to a security bug. The university was testing the JavaSoft verifier and found the bug in the Java Virtual Machine."
Sun posted a patch for the bug on its web site late last week, but Mueoler told PC Week there were several discrepancies during the tests. She said: "The university found a few discrepancies in its tests. One of these could be potentially used as an exploit (attack). We have decided to concentrate on this one because it is the only one that could potentially cause problems."
According to Sun, there have been no attacks that exploit the bug. Mueoler added: "I don't see any reason to worry about this at all. The worst thing that could happen is that a malicious applet might cause the browser to crash."
The patch is available at www.sun.com
Sun is working very closely with the University of Washington, particularly with the Virtual Machine and although bugs are being found they seem to be more of an academic threat than a real one.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all