“The most serious of the security holes ‘could enable an attacker’s Java applet to gain control over another user’s system,’ according to the alert. ‘This would enable the attacker to take any desired action on the user’s system; for instance, the attacker could add, delete or change data on the user’s system; communicate with Web sites; load and run programs; reformat the hard drive, and so forth.’The exploit is possible because of a flaw in the way Microsoft’s JVM handles software written to Microsoft’s Component Object Model (COM). ‘Although the Microsoft (JVM) has security checks to prevent Java applets from invoking COM objects, there is a method of invoking them that bypasses the checks,’ according to the security bulletin.A hacker could use a Web site or HTML-based e-mail to begin the attack,” reports CNET here.
Did someone say, “Switch?”
