...
| Wiki Markup |
|---|
A recently identified bug manifests in JRE and JDK version 6.0 and prior, wherein an attacker can predict the names of the temporary files and thusas a result write malicious JAR files via unknown vectors \[[CVE 08|AA. Java References#CVE 08]\]. Denial of Service attacks are also possible if unclaimed temporary resources cause rapid disk space exhaustion \[[Secunia Advisory 20132|http://secunia.com/advisories/20132/]\]. |
...
Deletion will be attempted only for normal termination of the virtual machine, as defined by the Java Language Specification. Once deletion has been requested, it is not possible to cancel the request. This method should therefore consequently be used with care.
Note: this method should not be used for file-locking, as the resulting protocol cannot be made to work reliably.
...