Researchers at the University of Washington, in Seattle, yesterday announced that they had found a bug in the Java virtual machine's class verification system. The bug could enable a malicious set of Java classes to crash the virtual machine.
Like the researchers at Princeton University, in Princeton, N.J., the University of Washington team is working together with JavaSoft to improve upon the security of Java.
Going forward, JavaSoft officials said it is working with the University of Washington to embed an automatic verification system into the Java virtual machine.
JavaSoft has issued a patch to its licensees and will include the fix in the next release of the Java Development Kit, Version 1.1.2 due next week.
Microsoft Corp. also has issued its own fix for the security hole.