• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • New Java Vulnerabilities No Threat To IBM i

    January 23, 2013 Alex Woodie

    The Java vulnerabilities that hackers have been exploiting on computers around the world do not exist on the implementation of Java that IBM runs on its IBM i platform, IBM officials confirmed last week.

    “IBM has confirmed that the IBM Java Software Development Kit (SDK) and IBM Java Runtime Environment (JRE) are not vulnerable to this reported exploit,” spokesperson Kristin Bryson, of IBM’s Systems and Technology Group, told IT Jungle via email. “The IBM version of Java (which is used on IBM i) has been tested for this issue and it is not in the IBM version of Java.”

    The Java vulnerabilities took the IT security world by storm after hackers began exploiting the flaws before Oracle could issue a patch. The ready availability of exploit kits and the slow response from Oracle led the federal government to recommend that computer users protect themselves by removing Java from their systems. The new security flaws in Java are isolated to the Web browser and don’t impact server implementations of Java, IBM said.

    It all started on January 10, when CERT issued a security alert warning about a zero-day vulnerability (CVE-2013-0422) in version 7 update 10 of the Java Development Kit (JDK) that was being actively exploited. The vulnerability, which actually involved multiple vulnerabilities, resulted in hackers being able to run arbitrary code on affected systems.

    On January 13, Oracle responded to the so-called “Security Manager Bypass Vulnerability” with JDK version 7 update 11. The software giant encouraged users to apply the update to their JREs “as soon as possible” to avoid falling victim to the flaw, which requires users to visit a maliciously crafted website.

    In addition to addressing CVE-2013_0422, Oracle also addressed another critical Java vulnerability called CVE-2012-3174 that allows hackers to take full control of victims’ computers. The details of this second vulnerability have not been disclosed, according to CERT, but it carries the same severity level–10.0 on a scale of 1 to 10. Oracle says in its security alert for CVE-2013-0422 that it also fixes CVE-2012-3174.

    Although the underlying flaw exists in the JDK, it appears that Oracle’s Java implementation–its Java Runtime Environment (JRE) version 1.7–is the one mainly affected by these vulnerabilities. Oracle’s JRE has been ported to multiple systems, including Windows, OS/X, and Linux systems. Oracle’s JRE is arguably the world’s most popular Java environment. But dozens of other software vendors, including IBM, Hewlett-Packard, SAP, and Microsoft, also develop JVMs (Microsoft discontinued its JVM in 2011).

    IBM stopped using Sun Microsystems’ tools to develop its Java Virtual Machine (JVM) and JREs (a JRE is composed of a JVM and Java class libraries) with the launch of IBM i 7.1 in 2010. That was the year that IBM stopped supporting the “classic” 64-bit JVM for i5/OS that was originally developed with Sun’s tools. Taking place of the classic 64-bit JVM were two other “J9” JVMs (one 32 bit and one 64 bit) that IBM wrote using its own IBM Technology for Java (IT4J) tooling. These JVMs support JDK version 1.7 and earlier, and are used, basically unchanged, across IBM’s complete line of IBM i, AIX, Linux, and Windows servers.

    This article was corrected. IBM did not recently issue a patch for a Java vulnerability, CVE-2010-4476. It actually patched that flaw when it was discovered in February 2011. IT Jungle regrets the error.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    OCEAN User Group

    OCEAN TechCon25 Online

    It’s an Exciting Time for IBM i !

    July 16 & 17, 2025 – ONLINE

    Two virtual days of learning, presented by an outstanding group of IBM’ers and IBM Champions, featuring leading-edge topics.

    FREE for OCEAN members!

    Register NOW!

    Annual (12-month) Individual OCEAN Memberships are $80 and a Corporate Membership is $250. A Corporate Membership would allow your entire company to have full access to the OCEAN website & video library and to attend OCEAN events at member rates. Act now because rates are increasing on August 1, 2025.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Mainline Buys BI Services Firm Coming Soon: Entry And Midrange Power7+ Servers

    Leave a Reply Cancel reply

Volume 23, Number 3 -- January 21, 2013
THIS ISSUE SPONSORED BY:

Infinite Corporation
Bug Busters Software Engineering
Linoma Software
HiT Software
RJS Software Systems

Table of Contents

  • New Java Vulnerabilities No Threat To IBM i
  • IBM Taps Ingram Micro, Tech Data To Peddle Power Systems, Storage
  • Steve Will Keeps His i On The Prize
  • Mad Dog 21/21: Google Evildoers Filched Funds From My Wallet
  • IBM Doubles Up Rebates On Power Systems Trade-In Deal
  • IBM: I Have Seen the Future And It Works
  • IBM Europe Gives Rebates To Power Resellers Who Push ISV Wares
  • Data Skills Crashes Dice Top Five Hiring Demands
  • SAP Profits From HANA Appliance, Cloud, And Plain Old Software
  • Steampunk Will Be The Next Big Rage, So Saith IBM

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • With Power11, Power Systems “Go To Eleven”
  • With Subscription Price, IBM i P20 And P30 Tiers Get Bigger Bundles
  • Izzi Buys CNX, Eyes Valence Port To System Z
  • IBM i Shops “Attacking” Security Concerns, Study Shows
  • IBM i PTF Guide, Volume 27, Number 26
  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle