Java Glitch Found

SANTA CLARA, Calif. – Security firm iDefense issued a warning Tuesday that Sun Microsystems' Java Plug-in technology has been identified as having a vulnerability that if exploited could expose a user's network.

The Java Plug-in establishes a connection between popular browsers and the Java platform.

According to Reston, Va.-based iDefense, which roots out malicious code, the vulnerability has been detected in Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04.

The security firm also believes that earlier versions of Java Virtual Machine are vulnerable and that browsers such as Internet Explorer, Mozilla and Firefox on both Windows and Unix platforms could be exploited if they are running a vulnerable JVM.

The vulnerability could provide a gateway for a hacker to bypass the Java sandbox and all security restrictions imposed within Java Applets and provide access to downloading, uploading or executing files within the user's PC, iDefense warned.

"Successful exploitation allows remote attackers to execute hostile Applets that can access files as well as access the network," iDefense stated.

According to the developer's definition, a JVM "mimics" a real Java processor, enabling Java bytecode to be executed as actions or operating system calls on any processor regardless of the operating system.

"A number of private Java packages exist within the JVM and are used internally by the VM," iDefense stated. "Security restrictions prevent applets from accessing these packages. Any attempt to access these packages, results in a thrown exception of 'AccessControlException,' unless the applet is signed and the user has chosen to trust the issuer."

The security firm is recommending that disabling Java or JavaScript will prevent exploitation as the vulnerability relies on the data transfer between the two components.

Copyright © 2025 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More News

XBIZ 2026 Conference to Debut All-New Company Lounges, Community Track

The event website for XBIZ 2026 is now live, unveiling details for North America’s largest adult industry conference, including two all-new show features: Company Lounges and a Community Track.

Mymember.site Integrates VR Functionality

Mymember.site has added virtual reality playback capability to its website management platform.

Texas Patti to Launch Fetish Platform 'EmpireDom'

Performer and content creator Texas Patti is launching a new platform for doms and fetish creators, EmpireDom.com.

Ohio AG Threatens Action Against 'Major' Adult Sites Over AV Law

Ohio Attorney General Dave Yost announced today that his office is sending "notice of violation" letters to 19 adult websites for failure to comply with the state's recently enacted age verification law.

Chaturbate Announces 2025 Music Contest Winners

Chaturbate has revealed the winners of its 2025 music competition.

2026 XBIZ Exec Awards Pre-Noms Open With Debut of New 'Impact' Honors

XBIZ is pleased to announce that the pre-nomination period for the 2026 XBIZ Exec Awards, the adult industry’s premier career honor, begins today and runs through Oct. 14.

MYM Rolls Out New Traffic Features for German Creators

German platform MYM has launched a new traffic system for its creators.

Ukrainian Content Creators on Hook for Nearly $10M in Back Taxes

Content creators in Ukraine owe the equivalent of $9.3 million in back taxes, according to the country's State Tax Service.

Eroutique Relaunches Site Through YourPaysitePartner

Eroutique has relaunched its official website through YourPaysitePartner (YPP).

Update: Pornhub Will Not Block Ohio, Despite AV Law

Pornhub parent company Aylo will not block access to its websites in Ohio, despite new state age verification rules that came into effect Sept. 30.

Show More