July 13th, 2007


"Dangerous Java flaw threatens virtually everything."

Google's Security team has discovered vulnerabilities in the Sun Java Runtime Environment that threaten the security of all platforms, browsers and even mobile devices.

"This is as bad as it gets," said Chris Gatford, a security expert from penetration testing firm Pure Hacking. "Java runs on everything: cell phones, PDAs, and PCs. This is the problem when you have a vulnerability in something so modular - it affects so many different devices."

"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," said Gatford.


Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file.
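The advisory text above names only the bug class (an integer overflow while parsing an embedded ICC profile), not the field involved. As an added example, not Sun's code and not part of the original post, the C below shows how 32-bit arithmetic on untrusted tag offsets and sizes wraps, next to the overflow-safe checks a parser should use. The function names and the 256-byte sample are constructed for illustration; the layout assumed is the standard ICC one (128-byte header, 4-byte tag count, 12-byte tag entries).

```c
#include <stddef.h>
#include <stdint.h>

#define ICC_HEADER_LEN 128u    /* fixed header size in the ICC format */
#define ICC_TAG_ENTRY_LEN 12u  /* signature, offset, size: 4 bytes each */

static uint32_t be32(const uint8_t *p) {    /* read big-endian 32-bit */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(uint8_t *p, uint32_t v) { /* write big-endian 32-bit */
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Naive bounds check: offset + size wraps modulo 2^32, so a huge size passes. */
int tag_fits_unchecked(uint32_t offset, uint32_t size, uint32_t total) {
    return (uint32_t)(offset + size) <= total;
}

/* Overflow-safe form: compare size against the space left, never add. */
int tag_fits_checked(uint32_t offset, uint32_t size, uint32_t total) {
    return offset <= total && size <= total - offset;
}

/* Returns 0 if every tag in buf[0..len) lies inside the profile, -1 otherwise. */
int icc_validate_tags(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < ICC_HEADER_LEN + 4) return -1;
    uint32_t total = be32(buf);              /* declared profile size */
    if (total < ICC_HEADER_LEN + 4 || total > len) return -1;
    uint32_t count = be32(buf + ICC_HEADER_LEN);
    /* Bound count by division so that count * 12 is never computed unchecked. */
    if (count > (total - ICC_HEADER_LEN - 4) / ICC_TAG_ENTRY_LEN) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_HEADER_LEN + 4 + (size_t)i * ICC_TAG_ENTRY_LEN;
        if (!tag_fits_checked(be32(e + 4), be32(e + 8), total)) return -1;
    }
    return 0;
}

/* Constructed sample: 256-byte profile, all zero except size, count and entry 0. */
int icc_check_sample(uint32_t count, uint32_t offset, uint32_t size) {
    uint8_t buf[256] = {0};
    put32(buf, (uint32_t)sizeof buf);
    put32(buf + 128, count);
    put32(buf + 136, offset);  /* entry 0: signature at 132, offset at 136, size at 140 */
    put32(buf + 140, size);
    return icc_validate_tags(buf, sizeof buf);
}
```

With offset 144 and size 0xFFFFFFF0 the naive sum wraps to 128 and passes against a 256-byte profile, while the subtraction-based check rejects it.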


Write once - sploit anywhere! ;]

Well, we can always fall back and write everything in C++, right? Uh yeah, about that...