Hole in MS security brews Java storm

Summary:Applet slips past JVM security.

Another security hole in Microsoft Java Virtual Machine (JVM) that allows a computer to be manipulated freely by a rogue applet, has been uncovered by a researcher at the University of Marburg in Germany.

Karsten Sohr of the University of Marburg discovered it is possible to break through JVM's security with a piece of code that violates Java typing rules but is not detected by Microsoft's JVM verifier.

The exploit was highlighted on popular online security forum The Risks Digest by experts from Princeton University who claim to have developed an applet that illustrates the flaw.

The Princeton experts say they have contacted Microsoft which is currently working on a fix.

Topics: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.