IT professionals have been warned to patch vulnerabilities in the Adobe Flash Player application and Sun Java Runtime Environment as soon as possible.
The vulnerabilities mean that employees can get "hacked just by viewing a Web page that contains malicious Flash or Java content", warned anti-virus company F-Secure in its blog.
Both Adobe and Sun issued patches for the vulnerabilities in updates last week. The Adobe update addresses an input validation error in Flash Player version 9.0.45.0 and earlier versions that could lead to the potential execution of arbitrary code.
The Sun update links to a patch for a buffer overflow vulnerability in the image-parsing code in the Java Runtime Environment that may allow an untrusted applet or application to elevate its privileges.
The flaw in the Java Runtime Environment could be particularly serious if left unpatched, according to Chris Gatford, a security professional from penetration-testing firm Pure Hacking.
"Java runs on everything: cell phones, PDAs and PCs. This is the problem when you have a vulnerability in something so modular--it affects so many different devices," Gatford told ZDNet U.K. sister site ZDNet Australia.
"Also, this exploit is browser independent, as long as it invokes a vulnerable Java Runtime Environment," Gatford added.
Play video
There are currently no comments for this post.