Sun to issue mobile Java fix

By David Meyer, ZDNet UK
Monday, August 18, 2008 10:48 AM

Sun is to ship a fix for vulnerabilities that were found in the mobile version of Java by a Polish security researcher.

The flaws are only present in older versions of Java 2 Platform Micro Edition (J2ME) that were current around 2004, according to the company. Friday's announcement follows the report by Adam Gowdiak, founder and chief executive of Security Explorations, claiming that he had found serious vulnerabilities in implementations of mobile Java, particularly on Nokia Series 40 handsets.

The vulnerabilities would allow someone to hack into a Series 40 handset and control voice and data functionality among other things, according to Gowdiak.

Gowdiak had demanded 20,000 euros (US$30,000) from Sun or Nokia for the full details of the vulnerabilities that he said he had found. It is not known whether either company paid up, as neither has commented on that issue. Sun told ZDNet Asia's sister's site ZDNet UK on Friday that Gowdiak had contacted the company on 7 August, prior to going public with his findings. Sun then "researched the situation" and confirmed "a couple potential vulnerabilities" that were specific to J2ME, a spokesperson said.

According to Sun, most of the "security explorations" carried out by Gowdiak were specific to the Nokia phone stack's implementation of J2ME, rather than J2ME itself. Nokia said on Tuesday that it was currently testing Gowdiak's claims.

"Sun can confirm that there are a couple of potential vulnerabilities outlined in [Gowdiak's] post that are specific to [J2ME] but those are limited to older versions of [J2ME]," Sun's spokesperson said. "In addition, these vulnerabilities would be extremely difficult to exploit because they would require device-specific information that is not readily available."

Sun's spokesperson stressed that the current version of the J2ME implementation, CLDC-HI, is not affected by the vulnerabilities. Licensees of the affected versions have been notified by Sun and will receive a fix within the next month or two, the spokesperson added.

0

0 votes

Save to My Library

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Related Whitepapers

Tech Jobs Now!

TechGuides

Specials
News and Interviews
Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video
Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

As Sun acquisition closes, Oracle outlines new vision
Touts "complete, integrated, engineered systems"
Play video
Apple introduces the iPad
Apple CEO Steve Jobs unveils tablet type device
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video
Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video