The discovery of a serious software bug has simultaneously opened a variety of desktop computers to potential attack.
The flaw has been found in Java, which works on a variety of computer operating systems – from Microsoft’s Windows to the free software Linux – so any worm that exploits it could hit several computer platforms.
The flaw is rated "highly critical" by the computer security firm Secunia and some experts believe it could lead to the development of a cross-platform computer worm.
The bug was discovered in the Java Plugin - a software package that lets small programs written in the Java programming language run automatically on a computer. These small chunks of code, known as "applets", are often embedded in a web page and may be used to display a small animation or play a sound.
The severity of the flaw is increased by the fact that the Java Plugin comes bundled with various web browsers and Java can be run on different operating systems without modification. Software bugs are normally limited in scope to one operating system or application.
Although some versions of Windows do not come with Java preinstalled and older versions of Java are not affected, Thomas Kristensen, chief technology officer at Secunia, says millions of internet users are probably vulnerable. "If you were to visit a malicious website it could gain complete access to your system," he told New Scientist.
Kristensen adds that, if such a flaw could be exploited, "it would be fairly easy to make the changes so that [a worm] would be truly cross-platform".
Java was designed with security in mind and Java applets are normally restricted from performing any actions on a computer outside the boundary of a "sandbox". This is built into the Java Runtime Environment, which translates Java code into a form that can be understood by the computer system.
But the bug, discovered by an independent Finnish researcher, Jouko Pynnonen, could be used to make an applet reach outside its sandbox and meddle with a victim's computer.
Avoiding the flaw
"Such [an] applet can then take any action which the user could: browse, read, or modify files, upload more programs to the victim system and run them, or send out data from the system," writes Pynnonen in an alert on his website.
"Java is a cross-platform language so the same exploit could run on various [operating systems] and architectures," Pynnonen adds in his alert, issued on 23 November.
The Java Plugin comes bundled with both the Java Software Developers' Kit and the Java Runtime Environment. The only way to avoid the flaw is to upgrade to the latest versions of each.
The Java Plugin flaw is known to affect both Microsoft's Windows platform and the Linux operating system. It has also been tested on Internet Explorer and rival browsers Firefox and Opera. However, the flaw is not yet known to affect Apple's OS X operating system.
The Java language was released by Sun Microsystems in 1994 and incorporated into the Netscape web browser soon after.