Sun java update process vulnerable



The Java Runtime Environment from Sun has a vulnerability that’s due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are likely still there EVEN after an update AND to make things even worse, a specially designed website could specifiy the version of the JRE to use in dealing with java components on the page. Sun’s advisory here on the issue. The story is from the SecurityFix and I’m bothered by the same point that get’s Brian about this update….


Why oh why???? if the vulnerability is that OLDER versions of JRE remain on disk without a MANUAL uninstall, can’t they AUTOMATICALLY uninstall the older versions with the update installer!!!!

Fortunately, Sun has uninstall instructions. Brian said he had a laptop that had no fewer than 4 version’s of Sun’s Java. Given that many of the updates would solve security vulnerability issues, please take the time to analyze systems to make sure that they not only have the most recent version, BUT ALSO have removed the older versions of Sun’s JRE.

   Send article as PDF   

Similar Posts