somepoint210
24.10.04, 20:10
A Polish researcher has found two vulnerabilities in the cell phone version of
Sun Microsystems' Java software that under unusual circumstances could let a
malicious program read private information or render a phone unusable.
The flaws are difficult to exploit because malicious programs must be tailored
to a specific model of cell phone, said Adam Gowdiak, a 29-year-old security
researcher with the Poznan Supercomputing and Networking Center who discovered
the vulnerabilities. He figured out how to attack a Nokia 6310i mobile phone,
but the effort took four months, he said in a Friday posting to the BugTraq
vulnerability mailing list.
Before the vulnerabilities could be exploited, a phone user would have to
download and run a malicious Java program, called a midlet, Gowdiak said in an
e-mail interview. He's not aware of a way to automate an attack. He notified
Sun of the vulnerabilities in August, and the company said it sent Java
licensees a patched version of the vulnerable component, called the Java
bytecode verifier, within two weeks. "We have not seen any attempts to exploit
this vulnerability, but if there is one, the user can simply delete...the
applications they downloaded from an untrusted source," said Eric Chu, Sun's
director of marketing for the Java 2 Micro Edition, or J2ME, software.
news.zdnet.com/2100-1009_22-5423310.html
Pit, you can be proud of Poznań :) Regards.