The JavaSoft patch for the JDK will be available shortly, at which time an announcement will be made to the java-interest@java.sun.com mailing list and posted on our What's New page.
The claim is that a Java applet could be created to "spoof" an IP address and thereby enter unprotected areas of a network.
"Internet spoofing is a problem that precedes Java and has no direct correlation to Java or Java applets", says Marianne Mueller, a JavaSoft security expert.
"The possibility of using Java applets in the manner described by the Princeton students requires an extremely remote set of circumstances, including the ability of the attacker to know names of machines within a secure network, the ability to attract a user on that network to visit his/her site, and the ability to attract the user to run an applet that would have been created to conduct the spoofing.
Even though the combination of these sets of circumstances is very remote, all possible network security breaches are considered serious and we thank the students at Princeton for raising the awareness level on this issue."
Sun and Netscape will issue a patch that will restrict Java applets in a manner that eliminates the possibility of this spoofing scenario.