Apple Fixes 15 Security Holes with Java
As a follow-up to yesterday's post, Apple released a new version of Java for Mac to plug a total
of 15 documented security vulnerabilities that could lead to remote
code execution attacks via rigged Web pages.
Published at DZone with permission of its author, Justin Sargent.
The Java for Mac OS X 10.5 Update 5 includes patches for security holes covered by Sun Microsystems last month.
From Apple’s advisory:
- Multiple vulnerabilities exist in Java 1.6.0_13, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
- Multiple vulnerabilities exist in Java 1.5.0_19, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
- Multiple vulnerabilities exist in Java 1.4.2_21, the most serious of which may allow an untrusted Java applet to obtain elevated privileges. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
- A stack buffer overflow exists in Java Web Start command launcher. Launching a maliciously crafted Java Web Start application may lead to an unexpected application termination or arbitrary code execution.
Java for Mac OS X 10.5 Update 5 is available via the Software Update pane in System Preferences, or Apple’s Software Downloads Web site.