Sys admins hoping to put their feet up after Microsoft's monthly update, which went far from smoothly, faced the problem of pushing out Java and Flash security updates issued at the tail end of last week.

Users are susceptible to hacking attacks just by viewing a web page that contains malicious Flash or Java content, as a result of multiple vulnerabilities in the packages. Fortunately, Adobe and Sun have both issued security updates designed to guard against possible attack.

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment means untrusted applets or applications could grant themselves permission to read and write local files. A separate system crashing vulnerability means users need to upgrade to JRE 5 Update 12 or JRE 6 Update 2. The issue, which also means developers need to upgrade Java Development Kit software, is explained in greater depth in Sun's advisory here.

Various versions of Adobe Flash Player are also subject to buffer overflow flaws, which likewise allow hackers to inject hostile code onto vulnerable systems. Users need to update to version 9.0.47.0, as explained here.

Although neither vulnerability has been packaged as a script-kiddie friendly exploit as yet, users and sys admins are urged to apply updates sooner rather than later. ®

Related stories

• Nasty PDF exploit runs wild (24 October 2007)
• Sun patches multiple flaws in Java (5 October 2007)
• Flash flaw may prompt Wii to 'hang' (24 July 2007)
• Security conferences versus practical knowledge (19 July 2007)
• Oracle preps July patch blitz (13 July 2007)
• MS update sends PCs 'haywire' (12 July 2007)
• Three critical flaws mark July Patch Tuesday (11 July 2007)
• Sun's handling of Java security update prompts concerns (10 July 2007)
• Adobe patches Acrobat, Reader flaws (17 December 2004)