My name is Justin and you can check out my Programming Blog at: CodeJustin.com - Justin has posted 65 posts at DZone. View Full User Profile

Apple Fixes 15 Security Holes with Java

09.04.2009
| 4256 views |
  • submit to reddit
As a follow up to yesterdays post, Apple released a new version of Java for Mac to plug a total of 15 documented security vulnerabilities that could lead to remote code execution attacks via rigged Web pages.

The Java for Mac OS X 10.5 Update 5 includes patches for security holes covered by Sun Microsystems last month.

From Apple’s advisory:

  • Multiple vulnerabilities exist in Java 1.6.0_13, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • Multiple vulnerabilities exist in Java 1.5.0_19, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • Multiple vulnerabilities exist in Java 1.4.2_21, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • A stack buffer overflow exists in Java Web Start command launcher. Launching a maliciously crafted Java Web Start application may lead to an unexpected application termination or arbitrary code execution.

Java for Mac OS X 10.5 Update 5 is available via the Software Update pane in System Preferences, or Apple’s Software Downloads Web site.

0
Published at DZone with permission of its author, Justin Sargent.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Tags: