Breaking News: CFOs increasingly involved in IT investment decisions

ZDNet / News / Security

Sun to issue mobile Java fix

By David Meyer , ZDNet UK on August 18, 2008 

 

Summary

The fix follows a report from a security researcher who demanded 20,000 euros (US$30,000) for details of discovered flaws, but it is unclear whether Sun paid.

Events

IBM Technology Conference & Expo 2012
May 23, 2012

Convention Centre B2 Room at 22nd Floor, Centara Grand @ Central World, 999/99 Rama I Road, Pathumwan, Bangkok 10330

Echelon 2012
June 11 and 12, 2012

University Cultural Centre, National University of Singapore

Startup Asia Jakarta 2012
June 7 and 8, 2012

12th Floor, Annex Building, Wisma Nusantara Complex, Jl. M.H. Thamrin No. 59 Jakarta 10350, Indonesia

MMA Forum Singapore
April 23-25, 2012

Grand Hyatt Singapore

Submit

Sun is to ship a fix for vulnerabilities that were found in the mobile version of Java by a Polish security researcher.

The flaws are only present in older versions of Java 2 Platform Micro Edition (J2ME) that were current around 2004, according to the company. Friday's announcement follows the report by Adam Gowdiak, founder and chief executive of Security Explorations, claiming that he had found serious vulnerabilities in implementations of mobile Java, particularly on Nokia Series 40 handsets.

The vulnerabilities would allow someone to hack into a Series 40 handset and control voice and data functionality among other things, according to Gowdiak.

Gowdiak had demanded 20,000 euros (US$30,000) from Sun or Nokia for the full details of the vulnerabilities that he said he had found. It is not known whether either company paid up, as neither has commented on that issue. Sun told ZDNet Asia's sister's site ZDNet UK on Friday that Gowdiak had contacted the company on 7 August, prior to going public with his findings. Sun then "researched the situation" and confirmed "a couple potential vulnerabilities" that were specific to J2ME, a spokesperson said.

According to Sun, most of the "security explorations" carried out by Gowdiak were specific to the Nokia phone stack's implementation of J2ME, rather than J2ME itself. Nokia said on Tuesday that it was currently testing Gowdiak's claims.

"Sun can confirm that there are a couple of potential vulnerabilities outlined in [Gowdiak's] post that are specific to [J2ME] but those are limited to older versions of [J2ME]," Sun's spokesperson said. "In addition, these vulnerabilities would be extremely difficult to exploit because they would require device-specific information that is not readily available."

Sun's spokesperson stressed that the current version of the J2ME implementation, CLDC-HI, is not affected by the vulnerabilities. Licensees of the affected versions have been notified by Sun and will receive a fix within the next month or two, the spokesperson added.

Talkback

Add your opinion

In order to post a comment, you need to be registered. (Sign In or register below)

Post your comment

Resource Centre Useful content from our premier sponsors

Latest Stories

Watch your mouth

Malaysia organizations don't realize severity of cyberattacks

Pacnet CEO departs; acquisition rumors gain steam

Idea Cellular follows Airtel, cuts India 3G tariffs

China solar cell makers seek Taiwan partnerships

ZDNet Asia Live

Malaysia organizations don't realize severity of cyberattacks. http://t.co/QK7PKdaP

RT @daryllau: Malaysia offers some manufacturing benefits over China http://t.co/mH23Uumr

Malaysia organizations don't realize severity of cyberattacks - ZDNet Asia http://t.co/HniF8J72 #news

#InfoSec Malaysia organizations don't realize severity of cyberattacks - ZDNet Asia http://t.co/vFzACdwm #CyberSecurity

http://t.co/bTDnDh7J Malaysia organizations don't realize severity of cyberattacks - ZDNet Asi... http://t.co/CzsMF2zn #infosec #security

Malaysia organizations don't realize severity of cyberattacks - ZDNet Asia: Malaysia organizat... http://t.co/iUpDhbeU #cloud #fail #TCN

Pacnet CEO departs; acquisition rumors gain steam. http://t.co/Nu2Mdcj0

Malaysia organizations don't realize severity of cyberattacks http://t.co/zeaxHbYa http://t.co/erFSwAUB #arcavir

http://t.co/VNaUVSe1 Malaysia organizations don't realize severity of cyberattacks: Cyberatt... http://t.co/TA5zWvUI http://t.co/wiqTBKkj

Malaysia organizations don't realize severity of cyberattacks - ZDNet Asia: Malaysia organizations don't realize... http://t.co/x1BJ0qSK

Malaysia organizations don't realize severity of cyberattacks - ZDNet Asia: Malaysia organizations don't realize... http://t.co/3Yaa40JE

Malaysia organizations don't realize severity of cyberattacks, country's minister of sci, tech, innovation says http://t.co/KGEHLi18 #in

Malaysia offers some manufacturing benefits over China http://t.co/mH23Uumr

Malaysia offers some manufacturing benefits over China - ZDNet Asia http://t.co/j04OySNl

RT @zdnetasia: Idea Cellular follows Airtel, cuts India 3G tariffs. http://t.co/WNjnBHSX

So much as we know , MTK6575 extremely integrated frequency1GHz ARM Cortex-A9 processor, the superiority of 3G / HSPA Modem, and help the...

1 day ago by y15822137359 on 5 SaaS adoption speed bumps to avoid

I reckon your view: "CRM is strategy, not software", if a company replicating the approach uses in ERP implementation into CRM, what they...

2 days ago by wykoong on Gartner: Mobile CRM gives better ROI than social

This video will teach you about the Excel fill handle but also provide you with a workook to download... http://www.youtube.com/watch?v=...

2 days ago by TradeBrother on A quick fill handle trick for Microsoft Excel

waiting...

4 days ago by eapete on What should count in a company's market value?

Boy, you've opened a can of worms now.

Wait for the rants & raves.

4 days ago by eapete on What should count in a company's market value?

I was puzzling before this whether to replicate the success formula we executed for a financial institute, and come out with a standard s...

5 days ago by wykoong on Drop the egos, copy ideas, then innovate

Keep up with ZDNet Asia

Facebook Join our fan page

RSS Feeds Subscribe now

NewslettersNewsletters Subscribe today

Twitter Follow us