Java Virtual Machine flaw

http://www.vnunet.com/news/1159632

"Security experts have warned that millions of computer desktops are at risk from a newly discovered vulnerability in Sun Microsystems' Java Virtual Machine (JVM).

IT security firm CyberGuard claimed that the Java flaw, which is present in the JVM on most desktop computers, "poses a significant security threat because it will not be closed by the usual Microsoft update process".

"JVM is used extensively by many online services such as maps or chat portals," said Horst Joepen, chief executive of CyberGuard's Webwasher subsidiary.

"This vulnerability could have a major impact on most enterprises, since even those with strict security policies do not usually forbid the download or use of Java."

Joepen explained that the vulnerability is currently available only as a 'proof of concept' code, and that there had been no recorded outbreak of a virus or worm.

However, he said that once a "vulnerability of this magnitude" is exposed, it is usually not long before the hackers produce an exploit.

"Most PCs are vulnerable, since JVM is downloaded when users try to access websites that check for a JVM and then ask the user to automatically install it," Joepen said. "Since the Sun JVM is not part of Windows, Microsoft patches won't help." "

(My apologies if this has already been covered). Pete

 

What the heck... yet another flaw.

 

One thing that totally confuses me is that I'm sure I had read somewhere that the ..._06 JRE update had fixed this vulnerability. And yet both the Java Control Panel's Update button and the download site itself tell me that my _05 is right up to date.

 

Thanks dvk, got the _06 just fine after I'd uninstalled _05 first, as you suggested.

Oddly, even the "get it now" button/link took all of 2 seconds to advise that my _05 installation was right up to date, if I didn't uninstall it first.