16 More Java Vulnerabilities Discovered
The latest pack of security vulnerabilities may affect mobile phone: 2 of them affect the Java virtual machine (JVM), with the rest being specific to Nokia Series 40 phones, which run J2ME MIDlets.
August 13, 2008
According to researchers, the list includes the following:
- gaining additional privileges for a malicious MIDlet, even manufacturer or mobile carrier level
- running a malicious MIDlet when the phone is first turned on
- accessing files
- sending SMS/MMS
- making phone calls
- reading your contacts
- accessing the SIM card
- eavesdropping using the camera and microphone
The group of researchers that uncovered the flaws claim that a several proof of concept(PoC) code is already available. However, unlike they ask for a payment of around $30,000 for those eager to take the first look at their discovery.